Researchers in the field of security recently discovered that at least 500 thousand routers in service among ordinary users and companies infected by malware VPNFilter, the previous version which was previously spread on the territory of Ukraine. At the moment the program was found in 54 countries, and its possibilities are very dangerous.
A group of cybersecurity Cisco Talos reports that VPNFilter likely supported a particular nation. Initially, the program itself is a spyware but it found the function “self-destruct”. It is believed that this feature can be running on each infected device. Under threat are the router manufacturers Linksys, MikroTik, NETGEAR and TP-Link.
VPNFilter allows attackers to monitor Internet traffic to intercept user data and exchange data through the Tor network. In Cisco Talos assume the existence of the other plugins that have not yet been discovered.
The function “self-destruct”, which was mentioned earlier, deletes important part of the device firmware that may at some point to sow chaos.
To protect yourself from VPNFilter extremely difficult. In routers for home and small business too little protection. It will be even harder to get rid of the malware, because many users are not even aware of the ability to update the software of their router.
All at the moment, can make the owners of the devices, which are under threat, it restore the factory settings on the router and maintaining firmware. While there is no guarantee that these actions will protect against infection.
Half a million routers can be turned off VPNFilter
Ernest Vasilevskiy