FBI Alert: Protecting Your Router from VPNFilter Malware

Posted By: Jessica Patterson - 6/5/2018 12:00:00 AM

NOTE: If you're a Runbiz managed customer, your business is already protected from the VPNFilter malware.

The FBI posted an alert on May 25, 2018, warning that many small office and home routers and other network devices may be compromised with VPNFilter malware. Attackers were able to infect routers that were using default login credentials with remote access enabled (meaning the router was visible over the internet) and that had outdated firmware, leaving many security holes unpatched.


What is VPNFilter?

VPNFilter is a form of malware (malicious software). Typically, malware can steal passwords and other personal information and can format hard drives, potentially turning devices into doorstops. VPNFilter is considered an IoT (Internet of Things) botnet form of malware, which can do everything traditional malware can do and more. Botnets have the unique ability to call their "home" servers (operated by criminals) to receive and download instructions, making these common devices adaptable in response to cyber security changes and basically allowing them to be remote-controlled by criminals.

VPNFilter acts in three stages. Stage 1 isn't malicious, but it is the key to skirting firewalls. This stage serves to ping (or call home to) the control server, allowing the criminals to download further instructions that enable stages 2 and 3 of the malware. The stage 2 package downloads many of the primary tools the malware needs to further compromise the network, leading to the stage 3 package, which adds support for scoping out information as it passes through the router. This malware makes privacy and login security a huge issue, but it also has the potential to let criminals control your router to attack other networks, virtually shutting them down.


How do I know if I have been infected?

Unfortunately, since routers and other IoT (Internet of Things) devices are usually inexpensive, cyber security has not been at the forefront in importance, but they are beginning to catch up. There are limited resources for scanning these devices (unlike the virus/malware scanners on our computers), and although it is not impossible, it is very difficult to detect infection in these devices.


What do we do?

The first step advised by the FBI is to reboot the router: unplug the power source, wait 30 seconds (make a cup of coffee with your free time), then plug it back in. This is not a permanent fix for VPNFilter, but it will clear stages 2 and 3 of the malware, leaving stage 1 still in place. This will help law enforcement identify infected routers as stage 1 begins pinging the home server for stage 2 instructions. If infected, owners may need to replace older routers with a more modern replacement.


Practicing good cyber security hygiene on all routers and devices connected directly to the internet will help remove viruses and malware and help prevent future outbreaks.

(Due to the number of models and devices available, go online to find your particular model's instructions.)

  1. Rename your router. Doing this one simple task increases the workload on any potential cyber bad guy. If your router has the default name (like Belkin), then it is much easier to search the internet for the common default login credentials to match the Belkin router. If the router has a unique name, then the search becomes much more cumbersome.


  2. Change the default admin user name and password to something strong and unique. Use a password manager to help organize and store this information if you have several devices. Know this: there are MANY lists available on the internet of default login credentials. If you are using the default login credentials, then criminals have your information and WILL use it when they are ready… change it.


  3. Learn how to update the firmware on your router and other IoT devices, and update regularly. Updating firmware should close many holes in security and remove existing malware.

    User note: Read all instructions before you begin and know how to reset if something goes wrong and you need to start over. 


  4. Make sure you have a good, updated firewall in place at your home or business. The firewall will filter information coming in through the internet, blocking any packets of information that have been flagged by the filters.


For more information on Safe Computing visit: www.safecomputing.run.biz


Source Information:

FBI Report: https://www.ic3.gov/media/2018/180525.aspx

Alert Number: I-052518-PSA


Article: Federal Authorities: Reboot your router to stop Russian malware by Ryan Whitwam


Great care has been taken in producing this compilation of resources. Citations are given as possible, but please know that this piece of work is from a collection of extraordinary minds.