https://thehackernew...er-malware.html
Routers targeted with Malware [link]
Page 1 of 16 Replies - 654 Views - Last Post: 08 June 2018 - 12:33 PM
Replies To: Routers targeted with Malware [link]
#2
Re: Routers targeted with Malware [link]
Posted 07 June 2018 - 01:21 PM
Well that sucks.
Quote
Initially, it was believed that the malware targets routers and network-attached storage from Linksys, MikroTik, NETGEAR, and TP-Link, but a more in-depth analysis conducted by researchers reveals that the VPNFilter also hacks devices manufactured by ASUS, D-Link, Huawei, Ubiquiti, QNAP, UPVEL, and ZTE.
Quote
Therefore, rebooting alone is not enough to completely remove the VPNFilter malware from infected devices, and owners of consumer-grade routers, switches, and network-attached storage devices need to take additional measures, which vary from model to model. For this, router owners are advised to contact their manufacturer.
#3
Re: Routers targeted with Malware [link]
Posted 07 June 2018 - 01:24 PM
I was looking more at this,
Quote
To setup packet sniffing for all outgoing web requests on port 80, the module configures the device's iptables immediately after its installation to redirect all network traffic destined for port 80 to its local service listening on port 8888.
"To ensure that these rules do not get removed, ssler deletes them and then adds them back approximately every four minutes," the researchers explain.
To target HTTPS requests, the ssler module also performs SSLStrip attack, i.e., it downgrades HTTPS connections to HTTP, forcing victim web browsers into communicating over plaintext HTTP.
"To ensure that these rules do not get removed, ssler deletes them and then adds them back approximately every four minutes," the researchers explain.
To target HTTPS requests, the ssler module also performs SSLStrip attack, i.e., it downgrades HTTPS connections to HTTP, forcing victim web browsers into communicating over plaintext HTTP.
#4
Re: Routers targeted with Malware [link]
Posted 08 June 2018 - 08:41 AM
Man, so now I've gotta get a new router?

#5
Re: Routers targeted with Malware [link]
Posted 08 June 2018 - 09:49 AM
Pfsense for the win, once again

#6
Re: Routers targeted with Malware [link]
Posted 08 June 2018 - 12:31 PM
If you are getting a new router, whatever you do, DO NOT get a Linksys WRT3200ACM. It's not the affected routers list, and if you wanted extra protection you could install DDWRT or OpenWRT on it. Don't believe the good reviews on various sites hailing this router. Those reviews seem to just be looking at the specs, but none of them seem to have actually tried running the router for an extended period of time. The radio on this device is unstable and likes to drop connections. My kids, who are avid YouTube watchers, have been complaining about their videos stopping. It's the hardware, not the software. It lasts a bit longer with DDWRT as compared its stock firmware, but still flakey. It's gotten to the point that a long time DDWRT Guru who has been working on DDWRT has physically taken a hammer to his WRT3200ACM out of frustation.
I'm looking to replace mine as soon as I can afford to do so. (I shouldn't have bought that second mechanical keyboard.) I'm weighing the complaint rate of going back to my slower but more stable router, or just keep limping along with this router.
I'm looking to replace mine as soon as I can afford to do so. (I shouldn't have bought that second mechanical keyboard.) I'm weighing the complaint rate of going back to my slower but more stable router, or just keep limping along with this router.
#7
Re: Routers targeted with Malware [link]
Posted 08 June 2018 - 12:33 PM
I'll keep that in mind, thanks Skydiver. My router is already pretty bad and likes to drop connections fairly often, so I was planning on getting a new one soon anyway.
Page 1 of 1