D-Link Forums

Announcements => Security Advisories => Topic started by: AmyC on May 29, 2018, 05:24:42 AM

Title: VPNFilter can survive reboots and contains destructive "kill" function
Post by: AmyC on May 29, 2018, 05:24:42 AM
I apologize if this is not the right place to post this but the FBI has released notice that at least over 500k home and small business routers are infected. Any idea about what D-Link users can do beside a reboot and factory reset. We've done both these things but would love some firewall filter recommendations and such until a firmware update is available.
https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/
Thanks in advance!
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: FurryNutz on May 29, 2018, 06:48:24 AM
Do you have one of the following effected devices?

    Linksys E1200
    Linksys E2500
    Linksys WRVS4400N
    Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
    Netgear DGN2200
    Netgear R6400
    Netgear R7000
    Netgear R8000
    Netgear WNR1000
    Netgear WNR2000
    QNAP TS251
    QNAP TS439 Pro
    Other QNAP NAS devices running QTS software
    TP-Link R600VPN

These were only listed and mentioned throughout the articles...


I apologize if this is not the right place to post this but the FBI has released notice that at least over 500k home and small business routers are infected. Any idea about what D-Link users can do beside a reboot and factory reset. We've done both these things but would love some firewall filter recommendations and such until a firmware update is available.
https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/
Thanks in advance!
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: AmyC on May 29, 2018, 08:08:41 AM
Quote
Do you have one of the following effected devices?
No. But they are stating these devices are likely just the tip of the iceberg (aka the one's they know about thus far).
"And since itís unclear how compromised devices were infected in the first place, officials are urging users of all routers and NAS devices, not just the 14 devices identified by Cisco, to reboot."
https://www.digitaltrends.com/computing/vpnfilter-malware-router-reboot/
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: FurryNutz on May 29, 2018, 08:16:27 AM
Well nothing has been posted by D-Link as if yet. If your concerned about this, you can submit here:
https://support.dlink.com/ReportVulnerabilities.aspx (https://support.dlink.com/ReportVulnerabilities.aspx)

Until something is posted by D-Link, I would not worry about it too much. You can of course follow the recommendations for the other Mfrs of rebooting and disabling remote management in mean time.

D-Link is aware of all of this already I'm sure.  ::)

Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: AmyC on May 29, 2018, 08:35:38 AM
Did you read my original post? I was just asking if anyone had recommendations for firewall rules, etc. That's all. I'm bright enough to know that D-Link is likely aware of the problem and wasn't trying to start a panic. No need to use sarcastic emojis. If you don't know of anything you need not respond.
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: FurryNutz on May 29, 2018, 08:41:01 AM
Please don't take my comment out of context. All I was doing was to inform you of places to notify D-Link of your concerns. I have asked D-Link for information on this. Please be patient.
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: FurryNutz on May 29, 2018, 10:03:16 AM
http://forums.dlink.com/index.php?topic=73734.0;topicseen (http://forums.dlink.com/index.php?topic=73734.0;topicseen)
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: GreenBay42 on May 29, 2018, 10:16:50 AM
No known issues with D-Link products

Official Statement - https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10085 (https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10085)

What router do you have?

As far as making your network as secure as possible:

1. Turn off your router if not needed at night or when you are away (unless you have security cams/systems).
2. Disable UPnP on your router.
3. Make sure ALL your clients (computers, phones, printers, etc) have the latest updates, drivers, and firmware). Clients can cause more security issues than routers (i.e. KRACK).
4. If your router supports MAC filtering, enable it and only add your clients.
5. Disable guest mode if not using it. Most routers should have it off by default.
6. Change your admin, user, and wi-fi passwords often.
7. Make sure you are using WPA2 - AES only for your wi-fi encryption.
8. Turn on SPI and Anti-Spoof checking - usually in the Firewall section. Enable IPv6 simple security/ingress filtering if your router supports it. Also if you are not using a VPN on your network, disable IPSec and PPTP,
9. Be smart when opening emails and visiting websites. Try to use HTTPS.
10. Make sure your java/javascript is up-to-date. Go to java.com. If you have a 64-bit OS, make sure you are installing the 32-bit version first, then the 64-bit.
11. Make sure your antivirus is up to date on your computer and mobile devices. Avast has a "router" scan. It always says there may be a problem until you actually run the scan.
12. Enable CAPTCHA for your router login - Management > Admin on newer dlink routers.
13. Disable remote access if enabled.

Hope this helps.

Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: FurryNutz on May 29, 2018, 10:19:45 AM
I believe she has the 882 from looking at historical posts...
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: CoDeCX999 on May 29, 2018, 12:21:18 PM
Hi peoples.

I read about this news today.

http://exameinformatica.sapo.pt/noticias/internet/2018-05-24-VPNFilter-FBI-desmantelou-endereco-que-infetou-mais-de-500-mil-routers-e-NAS

 ;)    8) 

Although I work in the area of Technology, we will always be able to breaches is never 100% safe.

tks
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: AmyC on May 31, 2018, 05:09:53 AM
Hey, thanks for this. :) There are a few things like captcha we hadn't done. I loathe it but will implement it nonetheless. We have a DIR-882 running FW: 1.10

No known issues with D-Link products

Official Statement - https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10085 (https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10085)

What router do you have?

As far as making your network as secure as possible:

1. Turn off you router if not needed at night or when you are away (unless you have security cams/systems).
2. Disable UPnP on your router.
3. Make sure ALL your clients (computers, phones, printers, etc) have the latest updates, drivers, and firmware). Clients can cause more security issues than routers (i.e. KRACK).
4. If your router supports MAC filtering, enable it and only add your clients.
5. Disable guest mode if not using it. Most routers should have it off by default.
6. Change your admin, user, and wi-fi passwords often.
7. Make sure you are using WPA2 - AES only for your wi-fi encryption.
8. Turn on SPI and Anti-Spoof checking - usually in the Firewall section. Enable IPv6 simple security/ingress filtering if your router supports it. Also if you are not using a VPN on your network, disable IPSec and PPTP,
9. Be smart when opening emails and visiting websites. Try to use HTTPS.
10. Make sure your java/javascript is up-to-date. Go to java.com. If you have a 64-bit OS, make sure you are installing the 32-bit version first, then the 64-bit.
11. Make sure your antivirus is up to date on your computer and mobile devices. Avast has a "router" scan. It always says there may be a problem until you actually run the scan.
12. Enable CAPTCHA for your router login - Management > Admin on newer dlink routers.
13. Disable remote access if enabled.

Hope this helps.