VPNFilter malware now also targets ASUS and DLINK routers and injects code into WWW

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Jun 7, 2018.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

  2. fantaskarsef

    fantaskarsef Ancient Guru

    Stupid question, do these attacks also target routers that are flashed with a custom firmware?
    My router (AC87U) is not on the list yet, but who knows. I'm running Merlin firmware, hence I'm asking.
     
  3. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Doubtful, however, you would be wise to ask this question in their support forums.
     
  4. RealNC

    RealNC Ancient Guru

    Hm. I'm not seeing the Asus DSL devices, only the RT ones, even though the DSL routers are just the RT routers with an internal DSL modem added to them?
     

  5. k3vst3r

    k3vst3r Ancient Guru

    Okay, after seeing Asus is now affected by this exploit, I checked my log to see any suspicious activity. This looks unusual to be fair?


    Jun 7 10:43:01 ddns update: connected to nwsrv-ns1.asus.com (103.10.4.108) on port 80.
    Jun 7 10:43:04 ddns update: Asus update entry:: return: HTTP/1.1 299 |Invalid IP format| 192.168.0.10^M Date: Thu, 07 Jun 2018 10:43:00 GMT^M Server: Apache^M X-Powered-By: PHP/5.6.30^M Content-Length: 0^M Content-Type: text/html; charset=UTF-8^M ^M
    Jun 7 10:43:04 ddns update: retval= 1, ddns_return_code (,299)
    Jun 7 10:43:04 ddns update: asusddns_update: 1
    Jun 7 10:43:04 dhcp client: bound 192.168.0.10 via 192.168.0.1 during 864000 seconds.
    Jun 7 10:43:04 ntp: start NTP update
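
A way to triage the log excerpt above, as an added example that is not part of the original post: it extracts what the DDNS client sent and what the server answered, then checks whether the rejected address is a private one. The log text is abridged from the post (HTTP headers trimmed); the function name, result keys and the `.asus.com` suffix check are assumptions made for this illustration.

```python
import ipaddress
import re

# Abridged from the log lines in the post above (HTTP headers trimmed).
SAMPLE_LOG = """\
Jun 7 10:43:01 ddns update: connected to nwsrv-ns1.asus.com (103.10.4.108) on port 80.
Jun 7 10:43:04 ddns update: Asus update entry:: return: HTTP/1.1 299 |Invalid IP format| 192.168.0.10
Jun 7 10:43:04 ddns update: retval= 1, ddns_return_code (,299)
Jun 7 10:43:04 dhcp client: bound 192.168.0.10 via 192.168.0.1 during 864000 seconds.
"""

CONNECT_RE = re.compile(r"ddns update: connected to (\S+) \(([\d.]+)\) on port (\d+)")
RETURN_RE = re.compile(r"ddns update: .*return: HTTP/\d\.\d (\d{3}) \|([^|]*)\| ([\d.]+)")
DHCP_RE = re.compile(r"dhcp client: bound ([\d.]+) via ([\d.]+)")


def triage_ddns(log_text):
    """Summarise one DDNS update attempt found in router syslog text."""
    result = {"server": None, "status": None, "reason": None,
              "reported_ip": None, "dhcp_lease": None, "findings": []}
    for line in log_text.splitlines():
        if m := CONNECT_RE.search(line):
            result["server"] = m.group(1)
        elif m := RETURN_RE.search(line):
            result["status"] = int(m.group(1))
            result["reason"] = m.group(2)
            result["reported_ip"] = m.group(3)
        elif m := DHCP_RE.search(line):
            result["dhcp_lease"] = m.group(1)

    ip = result["reported_ip"]
    if ip and ipaddress.ip_address(ip).is_private:
        # A private address cannot be published in public DNS, which is
        # consistent with the server's "Invalid IP format" answer.
        result["findings"].append("DDNS client reported a private (RFC 1918) address")
    if ip and ip == result["dhcp_lease"]:
        result["findings"].append("reported address equals the router's DHCP lease")
    # Assumption for this example: the vendor DDNS host lives under asus.com,
    # as the hostname in the log suggests.
    if result["server"] and not result["server"].endswith(".asus.com"):
        result["findings"].append("DDNS traffic went to a host outside asus.com")
    return result


if __name__ == "__main__":
    for key, value in triage_ddns(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
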
     
  6. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Nah, that's your router fetching an update from Asus.
     
  7. DeskStar

    DeskStar Guest

    Holy hell..... Now my Netgear router is up there....

    These "attacks" as of late have been seriously disappointing to say the least... Gone are the days of just happily leaving your computer running while you take care of shtuff here and there.
     
  8. Srsbsns

    Srsbsns Member Guru

    Anyone know what the WNDR4300-TN is? I don't seem to be able to recognize that as a Netgear product. There is the WNDR4300 and WNDR4300v2. The list is unclear.
     
  9. lucidus

    lucidus Ancient Guru

    My Asus RT-1200G+ isn't on the list but I did restart the router when the previous exploit was reported. I hope that's enough for now and Asus publishes a security update.
     
  10. Fox2232

    Fox2232 Guest

    I wonder if the attack vector is still mainly through use of the default passwd.
    And it looks like this is aimed to cause a wide-area DoS/internet blackout.
     

  11. Reddoguk

    Reddoguk Ancient Guru

    I've got a bad feeling that the internet will become so vulnerable to "attacks" that the government will have to take control in some way and there will be strict rules put in place, like everyone must have an MS account and use it constantly. Let's hope it doesn't get that bad but I can imagine it happening one day.
     
  12. Fox2232

    Fox2232 Guest

    Then I could see people coming up with the idea of a pirate, over-the-air parallel network. (Pirate meaning not being controlled by such law.)
     
  13. carnivore

    carnivore Member

    That looks like TP-Link.
     
  14. sykozis

    sykozis Ancient Guru

    Now I'm glad my WNDR3700 is no longer in service.... My R6250 hasn't made the list quite yet, but I expect it to over time...

    It's a wireless access point according to Netgear.

    No, it's a Netgear product. It's a wireless AP. It's even on Netgear's own Security Advisory list...
    https://kb.netgear.com/000058814/Security-Advisory-for-VPNFilter-Malware-on-Some-NETGEAR-Devices
     
  15. Yxskaft

    Yxskaft Maha Guru

    The WNDR3700 is supported by OpenWRT though so it might get an update, if it's not already secure.
     

  16. sykozis

    sykozis Ancient Guru

    WNDR3700 is on the list of "vulnerable" routers from Netgear... My particular WNDR3700 runs the Netgear supplied firmware. At this point, I wouldn't waste time transitioning such an old router to OpenWRT. It's an old N600 router. Better off just to replace it with something newer, that isn't listed as vulnerable to the "VPNFilter" malware...
     
