Announcements > Security Advisories

VPNFilter can survive reboots and contains destructive "kill" function

(1/3) > >>

AmyC:
I apologize if this is not the right place to post this but the FBI has released notice that at least over 500k home and small business routers are infected. Any idea about what D-Link users can do beside a reboot and factory reset. We've done both these things but would love some firewall filter recommendations and such until a firmware update is available.
https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/
Thanks in advance!

FurryNutz:
Do you have one of the following effected devices?

    Linksys E1200
    Linksys E2500
    Linksys WRVS4400N
    Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
    Netgear DGN2200
    Netgear R6400
    Netgear R7000
    Netgear R8000
    Netgear WNR1000
    Netgear WNR2000
    QNAP TS251
    QNAP TS439 Pro
    Other QNAP NAS devices running QTS software
    TP-Link R600VPN

These were only listed and mentioned throughout the articles...



--- Quote from: AmyC on May 29, 2018, 05:24:42 AM ---I apologize if this is not the right place to post this but the FBI has released notice that at least over 500k home and small business routers are infected. Any idea about what D-Link users can do beside a reboot and factory reset. We've done both these things but would love some firewall filter recommendations and such until a firmware update is available.
https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/
Thanks in advance!

--- End quote ---

AmyC:

--- Quote ---Do you have one of the following effected devices?
--- End quote ---
No. But they are stating these devices are likely just the tip of the iceberg (aka the one's they know about thus far).
"And since it’s unclear how compromised devices were infected in the first place, officials are urging users of all routers and NAS devices, not just the 14 devices identified by Cisco, to reboot."
https://www.digitaltrends.com/computing/vpnfilter-malware-router-reboot/

FurryNutz:
Well nothing has been posted by D-Link as if yet. If your concerned about this, you can submit here:
https://support.dlink.com/ReportVulnerabilities.aspx

Until something is posted by D-Link, I would not worry about it too much. You can of course follow the recommendations for the other Mfrs of rebooting and disabling remote management in mean time.

D-Link is aware of all of this already I'm sure.  ::)

AmyC:
Did you read my original post? I was just asking if anyone had recommendations for firewall rules, etc. That's all. I'm bright enough to know that D-Link is likely aware of the problem and wasn't trying to start a panic. No need to use sarcastic emojis. If you don't know of anything you need not respond.

Navigation

[0] Message Index

[#] Next page