Hackers are increasingly interested in network devices, and home users' routers in particular. This equipment is directly connected to the Internet and often runs out-of-date software, which makes home routers an easy target. Russian hackers who infected 500,000 routers with the VPNFilter virus have recently taken advantage of this. Fortunately, the resulting botnet was disarmed by the FBI.

Your Wi-Fi router, just like a computer or smartphone, has an operating system. It is usually quite complicated software, which unfortunately has holes. That is why router manufacturers periodically release patches for the holes that have been discovered in the meantime. Some routers have an automatic update installation system. However, some equipment runs software modified by the Internet provider, which sets the update schedule itself. That is why many homes have unmaintained routers that are vulnerable to various types of attacks. Cisco specialists have found a total of 500,000 routers in 54 countries that have been infected with the VPNFilter virus. Its task was to create a huge botnet.


The FBI has deactivated the VPNFilter botnet by taking over the ToKnowAll domain

After infecting a router, the VPNFilter virus first runs in a mode whose task is to learn about the network to which the attacked hardware is connected. Later it moves into a second stage, in which it can download dedicated modules and waits for commands from the server controlling the botnet. Fortunately, the address of the server from which the virus receives commands is hard-coded. The FBI therefore applied to a court to take over the domain, which made it possible to stop communication between the infected equipment and the cybercriminals. However, this does not mean that VPNFilter has stopped being a problem. Vulnerable routers should be updated as soon as possible, and infected equipment must be restored to factory settings.

The vulnerability exploited by hackers occurs in the older software of the following devices:

  • Linksys E1200, E2500, WRVS4400N,
  • MikroTik RouterOS for Cloud Core Routers 1016, 1036, 1072,
  • Netgear DGN2200, R6400, R7000, R8000, WNR1000, WNR2000,
  • QNAP TS251, TS439 Pro, other devices operating under QTS control,
  • TP-Link R600VPN.

Of course, the hole has long been patched. The problem concerns equipment that has not been updated for a long time. You should therefore check whether your routers and network drives have the automatic update option enabled. If not, you should restore the default settings just in case, which unfortunately results in the loss of all settings. The VPNFilter virus is so persistent that it remains active after the device reboots, so this is the only way to remove it.

Source: Cisco, Daily Beast