VPNFilter - The Latest Router Malware Virus

Systems Affected

The following devices are known to be affected:

  1. Linksys E1200
  2. Linksys E2500
  3. Linksys WRVS4400N
  4. MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  5. Netgear DGN2200
  6. Netgear R6400
  7. Netgear R7000
  8. Netgear R8000
  9. Netgear WNR1000
  10. Netgear WNR2000
  11. QNAP TS251
  12. QNAP TS439 Pro
  13. Other QNAP NAS devices running QTS software
  14. TP-Link R600VPN

While the above are the currently known routers that can be infected with VPNFilter, there is no guarantee that they are the only ones.

Threat Level: High

Overview

VPNFilter is malware that targets routers and NAS devices in order to steal files and information and to examine network traffic as it flows through the device. It is a multi-staged piece of malware in which Stage 1 makes the connection, Stage 2 delivers the goods, and Stage 3 acts as plugins for Stage 2. These plugins include a packet sniffer for spying on traffic that is routed through the device, including theft of website credentials and monitoring of Modbus SCADA protocols. Another Stage 3 module allows Stage 2 to communicate using Tor.

VPNFilter "is unlike most other IoT threats because it is capable of maintaining a persistent presence on an infected device, even after a reboot."

Description

When the VPNFilter malware is installed, it will consist of three different stages, with each stage performing specific functions.

Stage 1 is installed first and allows the malware to stay persistent even when the router is rebooted.

Stage 2 allows the attackers to execute commands and steal data. This stage also contains a self-destruct ability that essentially makes the router, and thus your network connection, non-functional.

Stage 3 consists of various plugins that can be installed into the malware and that add functionality such as sniffing the network, monitoring SCADA communication, and communicating over Tor.

While Stage 1 will run again after a router is rebooted, Stages 2 and 3 will not.

Solution/Workarounds

To completely remove VPNFilter and protect the router from being infected again, the following steps should be followed:

  1. Reset router to factory defaults
  2. Upgrade to the latest firmware
  3. Change the default admin password
  4. Disable Remote Administration

References

https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware

https://www.bleepingcomputer.com/news/security/reboot-your-router-to-remove-vpnfilter-why-its-not-enough/

https://www.pcmag.com/news/361431/is-your-router-vulnerable-to-vpnfilter-malware

https://www.cert.govt.nz/it-specialists/advisories/advisory/vpnfilter-malware/

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.
