Posted on May 28, 2018 at 6:28 PM
A new piece of malware called VPNFilter has infected more than 500,000 devices in over 54 countries around the world. The malware was confirmed to be part of a botnet, and it infects routers, which is why the FBI advises users to reboot their routers immediately to protect themselves.
The US Justice Department revealed last Wednesday that the FBI managed to seize a domain that was hosting a large botnet. The botnet spread to over half a million infected devices in offices and homes alike, and it was found in 54 countries around the world. The infected devices were produced by TP-Link, NETGEAR, Linksys, and MikroTik.
They added that the domain in question, ToKnowAll.com, was used by a Russian hacking group called Fancy Bear. Part of their campaign included a highly sophisticated and advanced form of malware known as VPNFilter.
Reboot the router to flush out the malware
To combat the issue, the FBI decided to identify the infected devices by capturing their IP addresses. They stated that all owners of office and home routers should reboot their devices to eliminate the threat of the malware. This is necessary because VPNFilter can make routers inoperable, and it can also collect any sort of data that travels through them.
The malware poses a very large threat to users’ privacy, as well as to their ability to continue operating online. However, the process of getting rid of the infection is as simple as doing a router reboot. Cisco’s researchers have stated that the malware is highly capable, expansive, dangerous, and robust. This makes it a serious threat, and a large issue which is not easily defended against.
Its modular framework allows it to quickly change and adapt to its victim’s operational infrastructure. Because of that, it is capable of collecting data, locating platforms susceptible to attack, and the like.
Infected devices and methods of protection
So far, it is known that over 500,000 devices have been infected, and the malware has managed to quickly spread to more than 54 countries. Despite such wide coverage, it would seem that its main target was Ukraine. To help potential victims, a list of the router models most susceptible to infection was created, and it includes the following: TP-Link R600VPN, QNAP TS439, QNAP TS251, Linksys DGN2200, Linksys WRVS4400N, Linksys E2500, Linksys E1200, Netgear WNR1000, Netgear WNR2000, Netgear DGN220, Netgear R8000, Netgear R6400, and Netgear R7000.
Besides a reboot, the FBI has stated that users should also change the login information for their routers. Apart from that, it may be a good idea to update the router to the latest version that you can find, and to disable remote management settings. Also, be wary of unusual Internet traffic that might indicate that something is not right.
In order to avoid possible exploits by the malware or the attackers, users can also go to QNAP’s security advisory, where they can find various recommendations on how to remain safe during their online sessions.