6 Replies - 634 Views - Last Post: 08 June 2018 - 12:33 PM

#1 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2955
  • View blog
  • Posts: 11,474
  • Joined: 03-December 12

Routers targeted with Malware [link]

Posted 07 June 2018 - 01:09 PM

https://thehackernew...er-malware.html
Is This A Good Question/Topic? 0
  • +

Replies To: Routers targeted with Malware [link]

#2 modi123_1   User is online

  • Suitor #2
  • member icon



Reputation: 15301
  • View blog
  • Posts: 61,367
  • Joined: 12-June 08

Re: Routers targeted with Malware [link]

Posted 07 June 2018 - 01:21 PM

Well that sucks.

Quote

Initially, it was believed that the malware targets routers and network-attached storage from Linksys, MikroTik, NETGEAR, and TP-Link, but a more in-depth analysis conducted by researchers reveals that the VPNFilter also hacks devices manufactured by ASUS, D-Link, Huawei, Ubiquiti, QNAP, UPVEL, and ZTE.


Quote

Therefore, rebooting alone is not enough to completely remove the VPNFilter malware from infected devices, and owners of consumer-grade routers, switches, and network-attached storage devices need to take additional measures, which vary from model to model. For this, router owners are advised to contact their manufacturer.

Was This Post Helpful? 0
  • +
  • -

#3 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2955
  • View blog
  • Posts: 11,474
  • Joined: 03-December 12

Re: Routers targeted with Malware [link]

Posted 07 June 2018 - 01:24 PM

I was looking more at this,

Quote

To setup packet sniffing for all outgoing web requests on port 80, the module configures the device's iptables immediately after its installation to redirect all network traffic destined for port 80 to its local service listening on port 8888.
"To ensure that these rules do not get removed, ssler deletes them and then adds them back approximately every four minutes," the researchers explain.
To target HTTPS requests, the ssler module also performs SSLStrip attack, i.e., it downgrades HTTPS connections to HTTP, forcing victim web browsers into communicating over plaintext HTTP.

Was This Post Helpful? 0
  • +
  • -

#4 8Bit Bob   User is offline

  • D.I.C Head
  • member icon

Reputation: 10
  • View blog
  • Posts: 100
  • Joined: 07-February 18

Re: Routers targeted with Malware [link]

Posted 08 June 2018 - 08:41 AM

Man, so now I've gotta get a new router? :/
Was This Post Helpful? 0
  • +
  • -

#5 no2pencil   User is offline

  • Professor Snuggly Pants
  • member icon

Reputation: 6822
  • View blog
  • Posts: 31,455
  • Joined: 10-May 07

Re: Routers targeted with Malware [link]

Posted 08 June 2018 - 09:49 AM

Pfsense for the win, once again ;)
Was This Post Helpful? 0
  • +
  • -

#6 Skydiver   User is offline

  • Code herder
  • member icon

Reputation: 7093
  • View blog
  • Posts: 24,102
  • Joined: 05-May 12

Re: Routers targeted with Malware [link]

Posted 08 June 2018 - 12:31 PM

If you are getting a new router, whatever you do, DO NOT get a Linksys WRT3200ACM. It's not the affected routers list, and if you wanted extra protection you could install DDWRT or OpenWRT on it. Don't believe the good reviews on various sites hailing this router. Those reviews seem to just be looking at the specs, but none of them seem to have actually tried running the router for an extended period of time. The radio on this device is unstable and likes to drop connections. My kids, who are avid YouTube watchers, have been complaining about their videos stopping. It's the hardware, not the software. It lasts a bit longer with DDWRT as compared its stock firmware, but still flakey. It's gotten to the point that a long time DDWRT Guru who has been working on DDWRT has physically taken a hammer to his WRT3200ACM out of frustation.

I'm looking to replace mine as soon as I can afford to do so. (I shouldn't have bought that second mechanical keyboard.) I'm weighing the complaint rate of going back to my slower but more stable router, or just keep limping along with this router.
Was This Post Helpful? 0
  • +
  • -

#7 8Bit Bob   User is offline

  • D.I.C Head
  • member icon

Reputation: 10
  • View blog
  • Posts: 100
  • Joined: 07-February 18

Re: Routers targeted with Malware [link]

Posted 08 June 2018 - 12:33 PM

I'll keep that in mind, thanks Skydiver. My router is already pretty bad and likes to drop connections fairly often, so I was planning on getting a new one soon anyway.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1