MOREnet Blogs

A new breed of malware, called VPNFilter, is targeting network routers. Most malware will aim itself toward the devices attached to the router but by attacking the router directly it is hoped that the intrusion will be more successful due to the lack of countermeasures that the router will have.

The Department of Justice and the FBI have seized control of the domain being used for the botnet. This means that for those devices already infected, the malware won’t be able to reestablish a connection after the communication has been interrupted. In order to be effective it is necessary to reboot your router.

Here is a list of targeted devices:

  • Linksys: E1200, E2500, and WRVS4400N
  • Mikrotik: 1016, 1036, and 1072
  • Netgear: DGN2200, R6400, R7000, R8000, WNR1000, and WMR2000
  • QNAP: TS251 and TS439 Pro
  • TP-LINK: R600VPN

If your device is listed-follow the steps below. If you have one of these brands, you likely also are subject to the vulnerability. If you don’t have any of these devices you are probably OK but it wouldn’t hurt anything to take precautions.

Step 1

Unplug the router. Wait 1 minute. Plug it back in.

End of instructions.

Oh, and this might be a good time to check a few things.

  • Is your firmware up to date?
  • Did you change the default user name and password?

FBI Public Service Announcement

Resetting your Router the (Paranoid (=Right) Way

Reboot your router: How to, why to, and what not to do

Categories: Cyber Security

Leave a Reply