VPNFilter Malware Announcement

emgemg Veteran

Malware attacking various routers is not new, but this appears to be a state-sponsored attack with potential for wide-scale attacks. The research is incomplete, but the researchers felt that the threat was so significant that they had to publish prematurely. See:

https://blogs.cisco.com/security/talos/vpnfilter

Thanked by 2: sibaper, mksh

Comments

  • Well.. did everyone already reboot/reset the router today? And what about tomorrow if a new malware comes? I guess reboot/reset the router every day will be a daily routine ;)

  • mksh Member

    @nqservices said:
    Well.. did everyone already reboot/reset the router today? And what about tomorrow if a new malware comes? I guess reboot/reset the router every day will be a daily routine ;)

    Well only that it doesn't really help in that case. It just might prevent the worst (for some time). Seems the only solution is to buy only routers from companies that actually care about security which limits choices by a lot or build DIY software routers. Seems my distrust in all those cheap blackbox devices really wasn't misplaced after all.

  • Nihim Member

    Is there a list of exactly which companies & models are vulnerable?

  • nqservices Member
    edited May 2018

    @Nihim said:
    Is there a list of exactly which companies & models are vulnerable?

    From what I read (until now) the affected router brands are: Netgear, Linksys, TP-Link and MikroTik. Also QNAP NAS are affected. Some specific models are listed here: https://blog.talosintelligence.com/2018/05/VPNFilter.html

  • seanho Member

    Apparently, we still don't know exactly what vulnerabilities VPNFilter exploits, but all the routers that have been exploited were on old firmware with known vulnerabilities, so no evidence of new zero-days yet.

  • jar Patron Provider, Top Host, Veteran

    "likely state-sponsored or state-affiliated"

    I love this. Times never really change. Seems like only a century ago we blamed everything on those evil people over there... I mean yesterday, seems like yesterday. Probably was.

    Could also be some bored teenager.

  • MikeA Member, Patron Provider

    @jarland said:
    "state-affiliated"

    He had citizenship!!

    Thanked by 1: jar
  • @jarland said:
    Could also be some bored teenager.

    While it could be, it's unlikely to be and all evidence points to it being based on malware used by Russian hacking groups, so it's hardly a jump there. You can't just dismiss the easiest answer (based on evidence) because there's a small possibility of being wrong.

  • jar Patron Provider, Top Host, Veteran

    @imthatguyhere said:

    @jarland said:
    Could also be some bored teenager.

    While it could be, it's unlikely to be and all evidence points to it being based on malware used by Russian hacking groups, so it's hardly a jump there. You can't just dismiss the easiest answer (based on evidence) because there's a small possibility of being wrong.

    Lol

  • mksh Member

    @jarland said:
    "likely state-sponsored or state-affiliated"

    I love this. Times never really change. Seems like only a century ago we blamed everything on those evil people over there... I mean yesterday, seems like yesterday. Probably was.

    Could also be some bored teenager.

    Sure, anything could, but really the times of exploiting stuff for fun are mostly over. Shit's way too serious these days and most large scale operations are usually either tied to organized crime or some state trying their skills at technological warfare.
