VPN Filter EN
VPNFilter is a malware that is directed to your router instead of your PC, having a huge global impact of infections due to the low prediction to this type of attacks and transparency in the running by not making use directly in the main devices . It is estimated that in its initial detection, more than 500,000 infected devices have been evaluated, finding large botnets. Initially it was thought that its main function was to be able to execute all the functions offered by a botnet, but it has been discovered that its main objective is to act in front of the internal devices of the networks making use of its function of man-in-the-middle, being able to intercept the traffic that passes through a device infected to inject its malicious code, has the ability to steal data, make bank transfers from the victim's account, infect other devices within the network once infected and even disable the infected devices.
Router marks with known infection potential
If you have a router or device of any of these brands it is recommended that you check if your model is vulnerable to this attack.
- ASUS:
- PRT-AC66U
- PRT-N10
- PRT-N10E
- PRT-N10U
- PRT-N56U
- PRT-N66U
- D-LINK:
- PDES-1210-08P (new)
- PDIR-300 (new)
- PDIR-300A (new)
- PDSR-250N (new)
- PDSR-500N (new)
- PDSR-1000 (new)
- PDSR-1000N (new)
- HUAWEI:
- PHG8245 (new)
- LINKSYS:
- PE1200
- PE2500
- PE3000
- PE3200
- PE4200
- PRV082
- PWRVS4400N
- MIKROTIK DEVICES:
- PCCR1009 (new)
- PCCR1016
- PCCR1036
- PCCR1072
- PCRS109 (new)
- PCRS112 (new)
- PCRS125 (new)
- PRB411 (new)
- PRB450 (new)
- PRB750 (new)
- PRB911 (new)
- RB921 (new)
- RB941 (new)
- RB951 (new)
- RB952 (new)
- RB960 (new)
- RB962 (new)
- RB1100 (new)
- RB1200 (new)
- RB2011 (new)
- RB3011 (new)
- RB Groove (new)
- RB Omnitik (new)
- STX5 (new)
- NETGEAR DEVICES:
- DG834 (new)
- DGN1000 (new)
- DGN2200
- DGN3500 (new)
- FVS318N (new)
- MBRN3000 (new)
- R6400
- R7000
- R8000
- WNR1000
- WNR2000
- WNR2200 (new)
- WNR4000 (new)
- WNDR3700 (new)
- WNDR4000 (new)
- WNDR4300 (new)
- WNDR4300-TN (new)
- UTM50 (new)
- QNAP DEVICES:
- TS251
- TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-LINK DEVICES:
- R600VPN
- TL-WR741ND (new)
- TL-WR841N (new)
- UBIQUITI DEVICES:
- NSM2
- PBE M5
- UPVEL:
- Unknown Models *
- ZTE:
- PZXHN H108N (new)
Recommendation to avoid / clean possible infections
Due to the massive attack found using this method of infection, contingency guidelines recommended by organisms such as Kaspersky, Norton or the FBI have been established.
- 1. Restart the router and change the credentials. The restart does not eliminate the malware, but limits its functionality.
- 2. Restore the factory settings of the device
- 3. Update to the latest firmware version
- 4. Deactivate remote administration before reconnecting it to the internet. (Services such as telnet, ssh among others)
In addition to these contingency guidelines it is also recommended to change factory preset passwords and usually check the mac addresses connected to our network.
