HALF A MILLION INFECTED ROUTERS
VPNFilter IoT malware gets everywhere
A SOPHISTICATED PIECE of malware, originating from a Russian group of hackers, has quietly found its way into over half a million routers worldwide. It’s a botnet that can steal data, deliver malicious payloads, carry out “man in the middle” attacks, and kill infected devices. It communicates via Tor, and survives a reboot. Sounds scary. It’s largely been aimed at small and home office routers and NAS devices: the kind of gear that may not be carefully updated or monitored.
VPNFilter received instructions from metadata hidden in images on Photobucket, or from the toknowall.com domain. The Photobucket images have been removed, and the FBI has shut down the backup domain. This still leaves those infected routers out there, though. A hard reset, a return to factory default settings, should clear the infection, although it is advisable to check each manufacturer’s guidance.