-
How to get rid of VPNFilter malware (even though you don’t know if your router is infected)
Ars Technica reported today that the VPNFilter malware targets a much larger number of devices than previously thought (200,000 additional routers were added to the initial estimate of 500,000). And it is more powerful than revealed in original analysis.
VPNFilter’s elaborate design involves three stages. Stage 1 acts as a backdoor that uses a sophisticated mechanism to locate stage 2 and stage 3 payloads and installs them. FBI’s seizure of a command and control server might have stopped some ways to deliver stage 2 and stage 3 payloads, but did not stop the spread of the malware.
A router reboot, as initially recommended by the FBI, will remove stage 2 and stage 3 payloads, but will not get rid of the stage 1 backdoor. The possibility exists that even a router factory reset may not get rid of stage 1 completely.
How do you know your router is affected? A list of affected router models is available here. But keep in mind that the list is growing. The list today is much longer than it was just a few days ago.
There’s no easy way to tell if your router is infected. If you have any suspicion that your router might be infected, you might as well perform the procedure to get rid of it as if there is an infection. Here’s our recommendation on how to completely get rid of VPNFilter:
- Preparation: find out how to upgrade firmware for your router (read the manual, search the web, or simply poking around the router management console).
- Download the latest firmware image for your router from the router manufacturer’s official web site. Make sure you are using HTTPS and see the green lock on the left of the URL address bar.
- Disconnect the router from the Internet, and keep it disconnected for the rest of the steps.
- Factory reset your router. The procedure is different for different routers, but usually involves holding down the small “Reset” button and doing something. Read the manual.
- Connect a PC, preferably by wire, to the router. Upgrade the firmware with the image downloaded in Step 2.
- After the router reboot, change the router password. Choose a strong password.
- Double check that remote management is turned off. It should be off by default, but verify anyway.
- Reconnect Internet.
After reconnecting your router to the Internet, do these 4 checks to make sure that your router is reasonably safe.
Recent Posts
- How to reset the pcWRT router
- How to create your SSH key and use it on the router
- How to reset router password by email
- How to set up SurfShark WireGuard VPN on the pcWRT router
- How to set up Proton VPN WireGuard on the pcWRT router
Recent Comments
- on How to create your SSH key and use it on the router
- on How to create your SSH key and use it on the router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to enable native dynamic DNS on the pcWRT router
Archives
- April 2024
- March 2024
- August 2023
- May 2023
- February 2023
- June 2022
- December 2021
- November 2021
- August 2021
- January 2021
- December 2020
- October 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- February 2020
- January 2020
- December 2019
- October 2019
- December 2018
- August 2018
- July 2018
- June 2018
- January 2018
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- January 2017
- August 2016
- May 2016
- December 2015
- August 2015
- July 2015
- May 2015
- April 2015
- March 2015
Categories
