VPN filter malware: What you need to know

For the past month, the news, while muddled by the Washington crisis du jour, has been abuzz over the latest attack on our computer systems. VPNFilter, unlike most other malware problems we encounter, targets your router, in three stages. Stage 1 is the initial infection. From the research, it looks as though metadata embedded in PhotoBucket images is the initial method of attack. Once you download the image, the metadata grabs the IP address of the router and sends it to the infection server.

Stage 2 is the command and control portion of the attack. This portion verifies the initial infection and executes instructions to complete Stage 2.

Stage 3 is the plugin aspect of the infection. The infection server sends update packages to your router for whatever the attackers' ultimate aim might be. The Russians in this instance could be after our information, or could be building an army of routers to stage large attacks on our servers in this country.

While it makes sense to reboot your router to make sure there is no infection, you will lose all custom settings. If you had your own personal wireless network name, you will have to re-enter that information.

VPNFilter malware diagram courtesy of https://blog.talosintelligence.com/2018/05/VPNFilter.html (image courtesy of Talos Intelligence)

This situation will take more than running a virus scan to resolve. For those of you using AT&T and/or Spectrum routers, there is no proof that any router from those companies that does not appear on the list below is affected, but it is better to be safe than sorry. Check the list below to see if your model number appears.

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

“No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues,” according to Cisco Talos, which first reported the bug.

To date, Cisco Talos estimates that at least 500,000 devices in at least 54 countries have been hit by VPNFilter.

The feds believe the Russian group Fancy Bear, a hacking group also known as APT28 and Sofacy Group, is the creator of this attack. Fancy Bear has affected governments worldwide and stole confidential files from the Democratic National Committee during the 2016 election.

If you need assistance securing your router, we are offering a Summer Cleanup and Router Security service.

For $99.00 we can remote into your network, perform system cleanups on your computers and check your router to ensure your family’s safety. If you are interested in signing up click below:

Sources: Cisco Talos Website, PC Magazine, Axios Website
