Reboot your router; this might temporarily disrupt VPNFilter. Do not stop there, though: reset the router as well.
Our team at HTRI has recently come across new malware that targets a specific range of routers and network-attached storage (NAS) devices, making them unusable.
With some distinct qualities, VPNFilter has already been tagged as one of the most widely distributed pieces of malware to appear in such a limited time.
This malware is able to survive a reboot and keep its presence on the router intact.
Because of this, last week the FBI publicly advised users to reboot and reset all routers.
VPNFilter is also equipped with an advanced tracking mechanism. It can easily record everything that goes in and out through the device.
Its developers seem to have a particular interest in SCADA industrial control systems, having created a module that specifically intercepts Modbus SCADA communications.
According to experts from Cisco Talos, activity surrounding the malware has stepped up in recent weeks, and the attackers appear to be particularly interested in targets in Ukraine.
While VPNFilter has spread widely, data from Symantec's honeypots and sensors indicate that unlike other IoT threats such as Mirai, it does not appear to be scanning and indiscriminately attempting to infect every vulnerable device globally.
To date, VPNFilter is known to have infected many small-office, home and enterprise routers all around the world.
The infected routers are from Netgear, MikroTik, Linksys, and TP-Link; QNAP's NAS devices are affected as well.
Devices so far known to be infected by VPNFilter:
- Linksys WRVS4400N
- MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Linksys E1200
- Linksys E2500
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
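To check an asset inventory against the list above, a small screening script can normalise vendor and model strings before matching. This is an added example, not code from HTRI or any vendor; the CSV columns (host, vendor, model, os), the sample rows and the "CCR" prefix used for MikroTik Cloud Core Router model names are assumptions.

```python
import csv
import io
import re

# Affected models as listed on this page, keyed by normalised vendor name.
AFFECTED = {
    "LINKSYS": ["WRVS4400N", "E1200", "E2500"],
    "MIKROTIK": ["CCR1016", "CCR1036", "CCR1072"],  # assumed "CCR" naming
    "QNAP": ["TS251", "TS439PRO"],
    "TPLINK": ["R600VPN"],
    "NETGEAR": ["DGN2200", "R6400", "R7000", "R8000", "WNR1000", "WNR2000"],
}

def norm(text):
    """Uppercase and drop spaces/punctuation so 'TS-251' equals 'TS251'."""
    return re.sub(r"[^A-Z0-9]", "", (text or "").upper())

def check(vendor, model, os_name=""):
    """Return why a device is flagged, or None if it is not on the list."""
    v, m = norm(vendor), norm(model)
    # Substring match is deliberately broad: marketing names and hardware
    # revisions ('Nighthawk R7000', 'E1200 v2') should be flagged for review.
    for listed in AFFECTED.get(v, []):
        if listed in m:
            return f"listed model {listed}"
    # The list also covers "other QNAP NAS devices running QTS software".
    if v == "QNAP" and norm(os_name).startswith("QTS"):
        return "QNAP NAS running QTS"
    return None

def screen(inventory_csv):
    """Return (host, reason) for every inventory row that needs attention."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    hits = ((r["host"], check(r["vendor"], r["model"], r.get("os"))) for r in rows)
    return [(host, reason) for host, reason in hits if reason]

# Constructed sample inventory (not real data).
SAMPLE = """host,vendor,model,os
gw-branch1,NETGEAR,Nighthawk R7000,
gw-branch2,TP-Link,TL-R600VPN v2,
core-1,MikroTik,CCR1036-12G-4S,RouterOS
nas-1,QNAP,TS-453A,QTS 4.3
sw-1,Netgear,GS108,
ap-1,Ubiquiti,UAP-AC-Lite,
"""

if __name__ == "__main__":
    for host, reason in screen(SAMPLE):
        print(f"{host}: reboot and reset ({reason})")
```

A match means the model is on the list above and should be rebooted and reset; it does not show that the device is actually infected.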
Tips to Prevent Viruses and Malware from Infecting Your System:
- Enable your popup blocker: Pop-ups and ads on websites are the tactic most commonly adopted by cybercriminals or developers whose core intention is to spread malicious programs. So, avoid clicking on untrustworthy sites, software offers, pop-ups, etc., and install a powerful ad blocker for Chrome, Mozilla, and IE.
- Keep your Windows updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows updates. By doing this you can keep your device free from viruses. According to the survey, outdated/older versions of the Windows operating system are an easy target.
- Third-party installation: Try to avoid freeware download websites, as they usually bundle additional software with any installer or stub file.
- Regular backup: Regular and periodic backups help you keep your data safe in case the system is infected by any kind of virus or other infection. Thus, always back up important files regularly to a cloud drive or an external hard drive.
- Always have an antivirus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good malware removal tool.