Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)VPNFilter virus
Rickles

2933 posts

Uber Geek

Trusted

#236269 26-May-2018 12:33
Send private message

Just read about THIS.

 

Any news or comments?

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
SaltyNZ
8221 posts

Uber Geek

Trusted
2degrees
Lifetime subscriber

  #2022959 26-May-2018 13:03
Send private message

I updated my Mikrotik router last night.




iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

 

These comments are my own and do not represent the opinions of 2degrees.



freitasm
BDFL - Memuneh
79257 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2022960 26-May-2018 13:04
Send private message

Moved to more appropriate sub-forum.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

Rickles

2933 posts

Uber Geek

Trusted

  #2022962 26-May-2018 13:10
Send private message

     >Moved to more appropriate sub-forum.<

 

Ta … mea culpa sealed

 

Talos (security arm of Cisco) say - 

 

The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues.

 

What is unknown is how it ‘gets in’ to an individual’s set up, or if AV will protect, or if it also applies to modem-router-computer devices set ups … a little light on information but bound to spread panic <g>.



prob
225 posts

Master Geek


  #2023175 27-May-2018 08:22
Send private message

I was contacted by my ISP (Slingsot) Friday to say my Asus router (AC68U) was probably hacked and told to go back to the ISP provided router.

 

FYI I had previously installed the latest official firmware (Version 3.0.0.4.384.20942).

 

I have reached out to Asus.

 

Best practice is to reapply latest firmware.

 

My concern is that there is probably an unpatched vulnerability in the wild so I am reluctant to power up the Asus.

 

Not officially VPNFilter but worrying.

gzt

gzt
17106 posts

Uber Geek

Lifetime subscriber

  #2023231 27-May-2018 09:26
Send private message

FBI says restart it:

cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2023234 27-May-2018 09:33
Send private message

I dont see any mention of this being addressed in the lattest Mikrotik changelog, but I have just updated all mine to 6.42.3

 

Cyril

gzt

gzt
17106 posts

Uber Geek

Lifetime subscriber

  #2023238 27-May-2018 09:37
Send private message

Symantec says mikrotec already updated may 2017:

https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

gzt

gzt
17106 posts

Uber Geek

Lifetime subscriber

  #2023247 27-May-2018 09:45
Send private message

Apparently the FBI advice to restart removes only stage 2 and 3:

https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/

Factory reset and firmware update, etc required to prevent reinfection.

freitasm
BDFL - Memuneh
79257 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2023248 27-May-2018 09:47
Send private message

Also apparently restarting is ok in most situations but the worm seems to use three different stages and if it's made changes to the configuration files (stage 2 and 3) then only a factory reset will do it.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

freitasm
BDFL - Memuneh
79257 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2023250 27-May-2018 09:50
Send private message

*snap*




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

RunningMan
8953 posts

Uber Geek


  #2023281 27-May-2018 10:52
Send private message

cyril7:

 

I dont see any mention of this being addressed in the lattest Mikrotik changelog, but I have just updated all mine to 6.42.3

 

Cyril

 

 

Official Mikrotik statement here

 

This is an exploit of the issue patched in 6.38.5 (2017-Mar-09 11:32)

Lizard1977
2060 posts

Uber Geek

ID Verified

  #2024007 28-May-2018 15:49
Send private message

Just checked QNAP's website and found their press release about it here

 

tl;dr - they fixed it in 2017.  Provided you've got the latest QTS, it should be fine.

Gordy7
1906 posts

Uber Geek

ID Verified
Lifetime subscriber

  #2031230 7-Jun-2018 09:19
Send private message

More routers on the list affected by VPNfilter...

 

https://www.tomshardware.com/news/cisco-discovers-new-vpnfilter-capabilities,37224.html

 

 




Gordy

 

My first ever AM radio network connection was with a 1MHz AM crystal(OA91) radio receiver.

vulcannz
436 posts

Ultimate Geek
Inactive user


  #2031544 7-Jun-2018 16:15
Send private message

Seems to be targeting busybox on either MIPS or Intel processors. There are a couple of firewall products that use busybox ;)

kyhwana2
2566 posts

Uber Geek


  #2031547 7-Jun-2018 16:29
Send private message

Note that if you have the management interfaces exposed to the internet without 2fa or with re-used or bruteforcable credentials, your patch level won't matter, as your CPE's can be infected via bruteforcing/cred reuse.

 

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright