It seems like every year now we’re getting another major malware scare of some kind. Last year it was WannaCrypt. This year it’s VPNFilter, a piece of malware designed to infect routers.
The malware is apparently designed to capture data passing over the network for whatever use those behind it have in mind, and it also has the capability to straight up kill the infected router if so desired.
People forget their routers are computers in their own right: they have their own processor, memory, and operating system. They can run quite a bit of code and are more capable than many people think. One consequence is that writing malware for a particular set of router hardware is effectively trivial for anyone skilled at coding, and VPNFilter is a fine example of this. The malware has been reported to have potentially infected 500,000 to 1 million devices.
Funny thing: in skimming for info, I haven’t quite noticed how people are actually being infected by this bit of malware. I’m going to presume the normal drive-by download-and-run cases, but this isn’t my field of expertise, so I can’t say for sure based just on what the malware is and how it behaves. The fact remains that there has to be an infection vector, which on its own can certainly be eliminated, if it hasn’t been already.
The malware is believed to have been produced by a Russian cyber-espionage group and is apparently being used for active data gathering. When the malware was discovered, the FBI originally recommended that users reset their routers to factory defaults. This would clear the malware from the device, but it would also require the end user to reconfigure the router. The suggestion was later changed to simply “rebooting” the router, as this eliminates the dangerous element of the payload, which runs from memory. The malware would then try to re-download the dangerous portion of itself, but that now fails, as a server associated with the malware has apparently been seized and is now being used by the FBI to try to locate those responsible for it.
It should be noted that this malware is supposed to affect a limited but popular range of router hardware (see the Wikipedia link below for a list), but I’d say on the whole we would all do best to give our routers, modems, gateways, whatever, a good reset, just to be on the safe side.
If you don’t know how to do this, it’s trivial, really: there’s a little button on the back of most every router that you just press to reset it. Alternatively, you can just unplug it, wait 10-30 seconds, then plug it back in to power; that’s actually the method I’d prefer in this case.
I wouldn’t worry too much about this in the long term, but it’s worth giving your hardware a reset.
https://en.wikipedia.org/wiki/VPNFilter
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.siliconrepublic.com/enterprise/vpnfilter-router-malware