VPNFilter Malware Announcement
Malware attacking various routers is not new, but this appears to be a state-sponsored attack with potential for wide-scale attacks. The research is incomplete, but the researchers felt that the threat was so significant that they had to publish prematurely. See:
Comments
direct link https://blog.talosintelligence.com/2018/05/VPNFilter.html
Well... did everyone already reboot/reset the router today? And what about tomorrow if a new malware comes? I guess rebooting/resetting the router every day will be a daily routine.
Well only that it doesn't really help in that case. It just might prevent the worst (for some time). Seems the only solution is to buy only routers from companies that actually care about security which limits choices by a lot or build DIY software routers. Seems my distrust in all those cheap blackbox devices really wasn't misplaced after all.
Is there a list of exactly which companies & models are vulnerable?
From what I read (until now) the affected router brands are: Netgear, Linksys, TP-Link and MikroTik. Also, QNAP NAS devices are affected. Some specific models are listed here: https://blog.talosintelligence.com/2018/05/VPNFilter.html
Apparently, we still don't know exactly what vulnerabilities VPNFilter exploits, but all the routers that have been exploited were on old firmware with known vulnerabilities, so no evidence of new zero-days yet.
"likely state-sponsored or state-affiliated"
I love this. Times never really change. Seems like only a century ago we blamed everything on those evil people over there... I mean yesterday, seems like yesterday. Probably was.
Could also be some bored teenager.
He had citizenship!!
While it could be, it's unlikely to be, and all evidence points to it being based on malware used by Russian hacking groups, so it's hardly a jump there. You can't just dismiss the easiest answer (based on evidence) because there's a small possibility of being wrong.
Lol
Sure, anything could, but really the times of exploiting stuff for fun are mostly over. Shit's way too serious these days, and most large-scale operations are usually either tied to organized crime or some state trying their skills at technological warfare.