VPNFilter malware targets ASUS and DLINK routers now also and injects code into WWW

Stupid question, do these attacks also target routers that are flashed with a custom firmware? My router (AC87U) is not on the list yet, but who knows. I'm running Merlin firmware, hence I'm asking.
Administrator
Doubtful, however, you would be wise to ask this question in their support forums.
Hm. I'm not seeing the Asus DSL devices, only the RT ones, even though the DSL routers are just the RT routers with an internal DSL modem added to them?
Okay, after seeing Asus is now affected by this exploit, I checked my log to see any suspicious activity. This looks unusual to be fair?
Jun 7 10:43:01 ddns update: connected to nwsrv-ns1.asus.com (103.10.4.108) on port 80.
Jun 7 10:43:04 ddns update: Asus update entry:: return: HTTP/1.1 299 |Invalid IP format| 192.168.0.10^M Date: Thu, 07 Jun 2018 10:43:00 GMT^M Server: Apache^M X-Powered-By: PHP/5.6.30^M Content-Length: 0^M Content-Type: text/html; charset=UTF-8^M ^M
Jun 7 10:43:04 ddns update: retval= 1, ddns_return_code (,299)
Jun 7 10:43:04 ddns update: asusddns_update: 1
Jun 7 10:43:04 dhcp client: bound 192.168.0.10 via 192.168.0.1 during 864000 seconds.
Jun 7 10:43:04 ntp: start NTP update
Administrator
Nah, that's your router fetching an update from asus.
Holy hell..... Now my Netgear router is up there.... These "attacks" as of late have been seriously disappointing to say the least... Gone are the days of just happily leaving your computer running while you take care of shtuff here and there.
Anyone know what the WNDR4300-TN is? I don't seem to be able to recognize that as a Netgear product. There is the WNDR4300 and WNDR4300v2. The list is unclear.
My Asus RT-1200G+ isn't on the list but I did restart the router when the previous exploit was reported. I hope that's enough for now and Asus publishes a security update.
I wonder if the attack vector is still mainly through use of default passwd. And it looks like this is aimed to cause a wide-area DoS/internet blackout.
I've got a bad feeling that the internet will become so vulnerable to "attacks" that the government will have to take control in some way and there will be strict rules put in place, like everyone must have an MS account and use it constantly. Let's hope it doesn't get that bad but I can imagine it happening one day.
Reddoguk:

I've got a bad feeling that the internet will become so vulnerable to "attacks" that the government will have to take control in some way and there will be strict rules put in place, like everyone must have an MS account and use it constantly. Let's hope it doesn't get that bad but I can imagine it happening one day.
Then I could see people coming up with the idea of a Pirate, over-the-air parallel network. (Pirate means not being controlled by such law.)
Srsbsns:

Anyone know what the WNDR4300-TN is?
That looks like TP-Link.
Now I'm glad my WNDR3700 is no longer in service.... My R6250 hasn't made the list quite yet, but I expect it to over time...
Srsbsns:

Anyone know what the WNDR4300-TN is? I don't seem to be able to recognize that as a Netgear product. There is the WNDR4300 and WNDR4300v2. The list is unclear.
It's a wireless access point according to Netgear.
carnivore:

That looks like TP-Link.
No, it's a Netgear product. It's a wireless AP. It's even on Netgear's own Security Advisory list... https://kb.netgear.com/000058814/Security-Advisory-for-VPNFilter-Malware-on-Some-NETGEAR-Devices
sykozis:

Now I'm glad my WNDR3700 is no longer in service.... My R6250 hasn't made the list quite yet, but I expect it to over time...
The WNDR3700 is supported by OpenWRT though so it might get an update, if it's not already secure.
Yxskaft:

The WNDR3700 is supported by OpenWRT though so it might get an update, if it's not already secure.
WNDR3700 is on the list of "vulnerable" routers from Netgear... My particular WNDR3700 runs the Netgear supplied firmware. At this point, I wouldn't waste time transitioning such an old router to OpenWRT. It's an old N600 router. Better off just to replace it with something newer, that isn't listed as vulnerable to the "VPNFilter" malware...