Menu
What's new
By:
Filters Better Search

VPNFilter Malware

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

No news. See Cisco Talos for info, e.g. "device destruction module" for files and processes that suggest a compromised device, for some models.

It's an ongoing exploit, not a single malware program or a specific bug. We don't know what security holes have been or will be exploited.

We don't know how to secure routers from this firmware, how to clean the malware off routers, nor whether that would even help.

See https://routersecurity.org/index.php about router security, configuration for security, and a business class device that might be more secure.
 
Hello Jerry12 thanks for your reply, I also found this online tool that checks if the router has been compromised by a specific component used by VPNFilter, known as the the ssler plugin.
http://www.symantec.com/filtercheck/

I`m very disappointed with Asus, the RT-AC66U is still on the market and Asus does not release an update for this bug....
 
Alessio said:
I`m very disappointed with Asus, the RT-AC66U is still on the market and Asus does not release an update for this bug....
Click to expand...
That might be because the current firmware isn't vulnerable to it; all the reported infections are on old models (presumably running old firmware). But at the moment that's just speculation because nobody has said how this infection has happened.
 
sfx2000 said:
Latest from TrendMicro (7/13) - keep in mind this is a blended threat for many.

https://blog.trendmicro.com/trendla...evices-still-riddled-with-19-vulnerabilities/
Click to expand...
Interesting... I'm not too sure what to make of this. The majority of the article (and link pages) doesn't present anything that we didn't already know (from an Asus perspective).

The only part that is new is Table 2 (19 vulnerability detections on VPNFilter-affected devices) and this phrase "19 known vulnerabilities, not only taken advantage of by VPNFilter but other malware as well".

Without further explanation they appear to have looked at the routers that have been infected with VPNFilter, then scanned said routers for known exploits, and concluded that the infection must have been from these exploits. That's a big assumption and smacks of correlation rather than causation. Especially when they're citing CVE-2017-8877 which AFAIK isn't exploitable. :confused:
 
Last edited:
ColinTaylor said:
That's a big assumption and smacks of correlation rather than causation. Especially when they're citing CVE-2017-8877 which AFAIK isn't exploitable. :confused:
Click to expand...

This is just marketing stuff. See this key phrase that struck me:

IoT Smart Checker can identify other publicly known vulnerabilities targeting the devices as listed below:
Click to expand...

So basically, this is marketing for their IoT Smart Checker to identify OTHER publicly known vulnerabilities... They're not saying these vulnerabilities were targeted by VPNFilter. As you noted, that particular CVE for instance is an information leak, and is in no way exploitable at a software level.
 
RMerlin said:
This is just marketing stuff.
Click to expand...
Thanks Merlin. That was my initial take on it as well. The only reason I thought there might be more to it was the phrase "taken advantage of by VPNFilter" which implies that they know how VPNFilter compromises routers. They appear to be stretching the truth there.:rolleyes:
 
kfp said:
I’m assuming you’re talking about John’s fork. You could have it installed in about the same time you typed up this comment. Reading the first post for that fork would give you an idea what it does and does not include. Yea, there are easier choices than “throw my router away”.
Click to expand...

Yes, I could have it installed in the time it took to type the comment. I couldn't, however, answer any of my questions in remotely as little time. I know that, because I already attempted to do so. A brief list of bullet points in a forum post doesn't tell me which of the lesser-used features I might personally rely upon might no longer be available or work for my usage. Which is why I took the time to make a perfectly valid post making a perfectly reasonable query.

Next time, instead of wasting time acting high and mighty, could you maybe try reading and comprehending the question you're answering? Or alternatively, not wasting our time with your smug superiority?
 
You must log in or register to reply here.

Similar threads

TeaDragon
Flax Typhoon malware affecting ASUS RT-*/GT-*/ZenWifi ???
Replies
8
Views
830
jerry6
jerry6
PR3MIUM
News Mirai DDoS malware variant expands targets with 13 router exploits [D-Link, TP-Link Archer, Yealink, Zyxel...]
Replies
10
Views
1K
ColinTaylor
C
C
AVrecon malware infects 70,000 Linux routers to build botnet
Replies
5
Views
1K
cptnoblivious
C
PR3MIUM
News Windows build 2024 and Ai Recall - Security Risk
Replies
2
Views
674
PR3MIUM
PR3MIUM
N
RT-AX86U-Pro, WAN disconnect every 36 hours
2
Replies
25
Views
2K
Nick24
N
Similar threads
Thread starter Title Forum Replies Date
D Android based banking malware “Snowblind” General Network Security 0
D News New Discord application malware General Network Security 0
PR3MIUM News Mirai DDoS malware variant expands targets with 13 router exploits [D-Link, TP-Link Archer, Yealink, Zyxel...] General Network Security 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 789 (members: 37, guests: 752)
Top