VPNFilter malware now also targets ASUS and DLINK routers and injects code into WWW

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Jun 7, 2018.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

  2. fantaskarsef

    fantaskarsef Ancient Guru

    Stupid question, do these attacks also target routers that are flashed with a custom firmware?
    My router (AC87U) is not on the list yet, but who knows. I'm running Merlin firmware, hence I'm asking.
     
  3. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Doubtful, however, you would be wise to ask this question in their support forums.
     
  4. RealNC

    RealNC Ancient Guru

    Hm. I'm not seeing the Asus DSL devices, only the RT ones, even though the DSL routers are just the RT routers with an internal DSL modem added to them?
     

  5. k3vst3r

    k3vst3r Ancient Guru

    Okay, after seeing Asus is now affected by this exploit, I checked my log to see any suspicious activity. This looks unusual, to be fair?


    Jun 7 10:43:01 ddns update: connected to nwsrv-ns1.asus.com (103.10.4.108) on port 80.
    Jun 7 10:43:04 ddns update: Asus update entry:: return: HTTP/1.1 299 |Invalid IP format| 192.168.0.10^M Date: Thu, 07 Jun 2018 10:43:00 GMT^M Server: Apache^M X-Powered-By: PHP/5.6.30^M Content-Length: 0^M Content-Type: text/html; charset=UTF-8^M ^M
    Jun 7 10:43:04 ddns update: retval= 1, ddns_return_code (,299)
    Jun 7 10:43:04 ddns update: asusddns_update: 1
    Jun 7 10:43:04 dhcp client: bound 192.168.0.10 via 192.168.0.1 during 864000 seconds.
    Jun 7 10:43:04 ntp: start NTP update
     
  6. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Nah, that's your router fetching an update from asus.
     
  7. DeskStar

    DeskStar Maha Guru

    Holy hell..... Now my Netgear router is up there....

    These "attacks" as of late have been seriously disappointing to say the least... Gone are the days of just happily leaving your computer running while you take care of shtuff here and there.
     
  8. Srsbsns

    Srsbsns Member Guru

    Anyone know what the WNDR4300-TN is? I don't seem to be able to recognize that as a Netgear product. There is the WNDR4300 and WNDR4300v2. The list is unclear.
     
  9. lucidus

    lucidus Ancient Guru

    My Asus RT-1200G+ isn't on the list but I did restart the router when the previous exploit was reported. I hope that's enough for now and Asus publishes a security update.
     
  10. Fox2232

    Fox2232 Ancient Guru

    I wonder if the attack vector is still mainly through use of the default passwd.
    And it looks like this is aimed at causing a wide-area DoS/internet blackout.
     

  11. Reddoguk

    Reddoguk Ancient Guru

    I've got a bad feeling that the internet will become so vulnerable to "attacks" that the government will have to take control in some way and there will be strict rules put in place, like everyone must have an MS account and use it constantly. Let's hope it doesn't get that bad but I can imagine it happening one day.
     
  12. Fox2232

    Fox2232 Ancient Guru

    Then I could see people coming up with the idea of a Pirate, over-the-air parallel network. (Pirate means not being controlled by such law.)
     
  13. carnivore

    carnivore Member

    That looks like TP-Link.
     
  14. sykozis

    sykozis Ancient Guru

    Now I'm glad my WNDR3700 is no longer in service.... My R6250 hasn't made the list quite yet, but I expect it to over time...

    It's a wireless access point according to Netgear.

    No, it's a Netgear product. It's a wireless AP. It's even on Netgear's own Security Advisory list...
    https://kb.netgear.com/000058814/Security-Advisory-for-VPNFilter-Malware-on-Some-NETGEAR-Devices
     
  15. Yxskaft

    Yxskaft Maha Guru

    The WNDR3700 is supported by OpenWRT though so it might get an update, if it's not already secure.
     

  16. sykozis

    sykozis Ancient Guru

    WNDR3700 is on the list of "vulnerable" routers from Netgear... My particular WNDR3700 runs the Netgear supplied firmware. At this point, I wouldn't waste time transitioning such an old router to OpenWRT. It's an old N600 router. Better off just to replace it with something newer, that isn't listed as vulnerable to the "VPNFilter" malware...
     
