Actuarial Outpost
 
  #1  
Old 06-12-2018, 12:50 AM
Incredible Hulctuary
Member
Non-Actuary
 
Join Date: Jan 2002
Posts: 25,261
Router malware "VPNFilter"

This broke into the news a couple weeks ago, but it turns out to be worse than originally thought. The expanded list of known affected routers is below. "New" means it was added after the originally published list.

From what I've read and watched elsewhere on the internet, I gather that the main circumstances that they exploit to get your router infected are (1) routers that still have the default admin password, which would enable JavaScript on an infected web page or other malware on your internal network to get into the router, or (2) routers that allow admin access from the WAN (internet side). But the list is too long for them to get into specific details of how each model of router otherwise got infected.

A reboot clears out stages 2 and 3 of the malware, the most dangerous parts, but a factory reset (or probably firmware overwrite) is required to remove stage 1.


https://arstechnica.com/information-...an-we-thought/

Asus Devices:
RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)

D-Link Devices:
DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)

Huawei Devices:
HG8245 (new)

Linksys Devices:
E1200
E2500
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
WRVS4400N

Mikrotik Devices:
CCR1009 (new)
CCR1016
CCR1036
CCR1072
CRS109 (new)
CRS112 (new)
CRS125 (new)
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
STX5 (new)

Netgear Devices:
DG834 (new)
DGN1000 (new)
DGN2200
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)

QNAP Devices:
TS251
TS439 Pro
Other QNAP NAS devices running QTS software

TP-Link Devices:
R600VPN
TL-WR741ND (new)
TL-WR841N (new)

Ubiquiti Devices:
NSM2 (new)
PBE M5 (new)

Upvel Devices:
Unknown Models* (new)

ZTE Devices:
ZXHN H108N (new)
__________________
The forest was shrinking, but the trees kept voting for the axe because its handle was made from wood, and they thought it was one of them.

Last edited by Incredible Hulctuary; 06-12-2018 at 12:53 AM..
  #2  
Old 06-12-2018, 10:02 AM
ian grey
Member
 
Join Date: Sep 2004
Posts: 916

Thanks for posting this
  #3  
Old 06-12-2018, 04:41 PM
Ostrich
Member
 
Join Date: Jun 2010
Posts: 2,091

I find all of these security bulletins severely lacking. With very few exceptions, they never give a clear picture on the attack vector and how to know if you are vulnerable. My router has never had WAN access and I changed the admin password before ever putting it online, yet I have no idea if I should be worried about this.
__________________
I don't like you, Ginormous
  #4  
Old 06-13-2018, 09:36 AM
atfl
Member
CAS AAA
 
Join Date: Nov 2010
Posts: 443

Quote:
Originally Posted by Ostrich
I find all of these security bulletins severely lacking. With very few exceptions, they never give a clear picture on the attack vector and how to know if you are vulnerable. My router has never had WAN access and I changed the admin password before ever putting it online, yet I have no idea if I should be worried about this.
Ditto and I check for firmware updates regularly, can't remember the last time Netgear put one out.

I wish my model could be flashed to use something I have more control over...