Kitz Forum

Announcements => News Articles => Topic started by: Bowdon on June 07, 2018, 10:40:07 AM

Title: VPNFilter Malware Targeting More Consumer Broadband Routers
Post by: Bowdon on June 07, 2018, 10:40:07 AM
https://www.ispreview.co.uk/index.php/2018/06/vpnfilter-malware-targeting-more-consumer-broadband-routers.html

Quote
Last month security researchers found that a sophisticated and “likely state-sponsored” malware, dubbed VPNFilter, had become widespread and was infecting business devices from Linksys, MikroTik, NETGEAR and TP-Link. Sadly the code is now also hitting kit from ASUS, D-Link, Huawei, Ubiquiti, UPVEL and ZTE.

Quote
    Known Affected Devices

    Asus Devices:
    RT-AC66U (new)
    RT-N10 (new)
    RT-N10E (new)
    RT-N10U (new)
    RT-N56U (new)
    RT-N66U (new)

    D-Link Devices:
    DES-1210-08P (new)
    DIR-300 (new)
    DIR-300A (new)
    DSR-250N (new)
    DSR-500N (new)
    DSR-1000 (new)
    DSR-1000N (new)

    Huawei Devices:
    HG8245 (new)

    Linksys Devices:
    E1200
    E2500
    E3000 (new)
    E3200 (new)
    E4200 (new)
    RV082 (new)
    WRVS4400N

    Mikrotik Devices:
    CCR1009 (new)
    CCR1016
    CCR1036
    CCR1072
    CRS109 (new)
    CRS112 (new)
    CRS125 (new)
    RB411 (new)
    RB450 (new)
    RB750 (new)
    RB911 (new)
    RB921 (new)
    RB941 (new)
    RB951 (new)
    RB952 (new)
    RB960 (new)
    RB962 (new)
    RB1100 (new)
    RB1200 (new)
    RB2011 (new)
    RB3011 (new)
    RB Groove (new)
    RB Omnitik (new)
    STX5 (new)

    Netgear Devices:
    DG834 (new)
    DGN1000 (new)
    DGN2200
    DGN3500 (new)
    FVS318N (new)
    MBRN3000 (new)
    R6400
    R7000
    R8000
    WNR1000
    WNR2000
    WNR2200 (new)
    WNR4000 (new)
    WNDR3700 (new)
    WNDR4000 (new)
    WNDR4300 (new)
    WNDR4300-TN (new)
    UTM50 (new)

    QNAP Devices:
    TS251
    TS439 Pro
    Other QNAP NAS devices running QTS software

    TP-Link Devices:
    R600VPN
    TL-WR741ND (new)
    TL-WR841N (new)

    Ubiquiti Devices:
    NSM2 (new)
    PBE M5 (new)

    Upvel Devices:
    Unknown Models* (new)

    ZTE Devices:
    ZXHN H108N (new)

    * Malware targeting Upvel as a vendor has been discovered, but they are unable to determine which specific device it is targeting.

I noticed my old RT-N66U is on the list. It is scary that so many router vendors are using the same base software in their devices. One base attack seems to take down many of them.
Title: Re: VPNFilter Malware Targeting More Consumer Broadband Routers
Post by: Browni on June 07, 2018, 11:17:20 AM
Interesting that my Asus DSL-AC88U is not on the list, possibly down to the Broadcom firmware?
Title: Re: VPNFilter Malware Targeting More Consumer Broadband Routers
Post by: niemand on June 07, 2018, 11:38:21 AM
Looks like it exploits Busybox (https://busybox.net/about.html) compiled for certain architectures. Won't be related to the DSL firmware per se.
Title: Re: VPNFilter Malware Targeting More Consumer Broadband Routers
Post by: Bowdon on June 07, 2018, 12:47:01 PM
I noticed the article didn't say how we'd actually notice if the router was infected.

Is there any way to tell?