I updated my Mikrotik router last night.

Moved to more appropriate sub-forum.

     >Moved to more appropriate sub-forum.<

Ta … mea culpa 

Talos (security arm of Cisco) say - 

The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues.

What is unknown is how it ‘gets in’ to an individual’s set up, or if AV will protect, or if it also applies to modem-router-computer devices set ups … a little light on information but bound to spread panic <g>.

I was contacted by my ISP (Slingsot) Friday to say my Asus router (AC68U) was probably hacked and told to go back to the ISP provided router.

FYI I had previously installed the latest official firmware (Version 3.0.0.4.384.20942).

I have reached out to Asus.

Best practice is to reapply latest firmware.

My concern is that there is probably an unpatched vulnerability in the wild so I am reluctant to power up the Asus.

Not officially VPNFilter but worrying.

I dont see any mention of this being addressed in the lattest Mikrotik changelog, but I have just updated all mine to 6.42.3

Cyril

Also apparently restarting is ok in most situations but the worm seems to use three different stages and if it's made changes to the configuration files (stage 2 and 3) then only a factory reset will do it.

*snap*

cyril7:

 

I dont see any mention of this being addressed in the lattest Mikrotik changelog, but I have just updated all mine to 6.42.3

 

Cyril

 

Official Mikrotik statement here

This is an exploit of the issue patched in 6.38.5 (2017-Mar-09 11:32)

Just checked QNAP's website and found their press release about it here

tl;dr - they fixed it in 2017.  Provided you've got the latest QTS, it should be fine.

More routers on the list affected by VPNfilter...

https://www.tomshardware.com/news/cisco-discovers-new-vpnfilter-capabilities,37224.html

Seems to be targeting busybox on either MIPS or Intel processors. There are a couple of firewall products that use busybox ;)