There is a new computer virus that is not targeting your computer but rather the router that sits innocently in the corner of your house. The virus is called VPNFilter and was first disclosed by Cisco a couple of weeks ago. It has already infected over 500K networking devices and has prompted the FBI to issue an urgent public service warning to reset your router. Because all your traffic flows through your router, this virus has enormous access to collect your personal information and spy on your activities.
The very latest research from Cisco Talos and other security researchers now reports that the list of affected devices is much larger than first reported. In addition to Linksys, Netgear, TP-Link, and MikroTik, the new list also includes ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE (Gryphon with ESET technology is not affected and has active measures to prevent this type of virus). They have also discovered that the virus is capable of much more damage. In addition to collecting all the data that passes through your router, the virus can also infect connected devices served by the router by injecting malicious code when the device is browsing the web. Further research into this virus is ongoing and may uncover more details.
What can you do if you have one of the routers listed above?
- At the minimum, reset your router. This will kill stages 2 and 3 of the virus, which are the malicious portion.
- However, stage 1 of the virus can still download the other stages at a later time. To kill stage 1 of the virus, you will need to do a full factory reset of your router. Consult your router manufacturer on how to do that.
- Once you’ve done the first 2 steps, update the software on your router. This virus spreads using known old vulnerabilities that some manufacturers already have patches for.
- Change your router admin password to something stronger.
- Since this virus collects traffic data, also take the time to update your passwords for sensitive online services such as your online banking.
- For more advanced users, turn off port forwarding. Forwarding ports essentially puts your network device on the Internet for hackers to hack. Note: this virus was first discovered on a port-forwarded NAS (network attached storage) device.
- If your router is old and you are shopping for a new router, make sure you get one that prioritizes security.
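To confirm that port forwarding and remote management really are off after the steps above, you can test which TCP ports on your own router answer. The script below is an added example, not part of the original article; the port list is an assumption based on commonly used administration ports, and it is meant to be run against your own public IP address from a connection outside your home network, such as a phone's mobile data.

```python
import socket

# Assumed list of ports commonly used for router administration and
# remote management; adjust it to match your own router's documentation.
MANAGEMENT_PORTS = {
    21: "FTP",
    22: "SSH",
    23: "Telnet",
    80: "HTTP admin",
    443: "HTTPS admin",
    7547: "TR-069 remote management",
    8080: "alternate HTTP admin",
    8443: "alternate HTTPS admin",
}


def reachable_ports(host, ports=MANAGEMENT_PORTS, timeout=2.0):
    """Return {port: label} for every TCP port on `host` that accepts a connection."""
    found = {}
    for port, label in sorted(ports.items()):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            # connect_ex returns 0 on success instead of raising on refusal/timeout
            if sock.connect_ex((host, port)) == 0:
                found[port] = label
    return found


def report(host, found):
    """Build a short human-readable summary of the result."""
    if not found:
        return f"{host}: no management or forwarded ports answered"
    lines = [f"{host}: reachable from this vantage point:"]
    lines += [f"  tcp/{port}  {label}" for port, label in found.items()]
    lines.append("Disable remote management or the port forward behind each entry.")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Pass your own router's public IP address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(report(target, reachable_ports(target)))
```

Run from inside the home network against the router's LAN address, the admin page will normally show as reachable, which is expected; only the result from outside tells you what the Internet can see.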
John Wu (Twitter: @johnwu71) is one of the inventors of the MiFi intelligent mobile hotspot and CEO and co-founder of Gryphon Online Safety, a company dedicated to protecting the connected family with Gryphon, the world’s first mesh WiFi router that uses machine learning to block malware from entering your network and protect kids from inappropriate content online. Learn more about Gryphon at www.gryphonconnect.com
Deana Dean says
I changed the password for my router as soon as I set it up a couple years back. It is fairly strong. It is more than 8 characters, consisting of upper and lower case letters, numbers and non-alphanumeric characters. The password they had for it was stupid easy. Also, it is based on something no one knows and not related to any other passwords. How bad are the chances of it being infected? Do you think I can get away with resetting my router once a week? I am guessing I probably need to do the update. If they have it for my router as old as it is.
John Wu says
Hi Deana,
Definitely check with your router manufacturer to see if they have any security patches. The virus uses known vulnerabilities.
Lenny says
If the router is running DD-WRT, can it still be infected?
John Wu says
Hi Lenny,
Possibly. Really depends on your security settings for the router. Disable any remote management ports. Linksys routers are among the routers that have been hacked.
Babu says
My friend has been pounded into buying a VPN after seeing adverts online. And now, he feels this VPN can halt or cover up any attack from the router in case of such.
Are there any security measures that can be used on PCs and that we can also inform clients about, who may not want to touch their routers?
Aarif A. Ahnaf says
I did not know that before Virus Attacking Routers. I got to know something new today. Thanks, dear.
Yasha says
Routers run a small operating system, so yes, they are vulnerable just like any other OS.
Cisco Router says
Don’t forget about the router that is relaying data to and from the device in front of you – and its potential vulnerability to the VPN Filter malware. So we all have a little bit active towards router security.
Reset Netgear Router Password says
Yes, it’s true. I am also using the router and I have faced many problems it occurs the virus. I need to change my old router and get a new Netgear router, and now it works fine.
dell tech support says
We can connect the VPN and antivirus with routers to prevent the hacking. The VPN is used to hide the IP address of the router. The antivirus also prevents the virus from attacking the router.
Samiul says
I will check my router and be going to reset it. Thanks for this virus news.
Linksys Customer Service says
Choosing a secure router, you should consider the size of your coverage area and the number of clients, as well as the types of devices that will connect to the router. So if you are gathering for powerful Wi-Fi network for all your online activities go with Linksys router.
Linksys Support Number says
I will surely be going to reset my router now. Very useful information shared here regarding the security of routers. This is new for me to know about Virus Attacking Routers.
Belkin Router Support says
Nowadays anytime virus may damage your device. So, be careful about the unknown network. I am using VPN to hide IP address. It is a very useful technique. Thank you for this tutorial!
Dwayne Webb says
Hi, said to kill stage 2 do factory reset and update software. With cable modem/router such as Netgear it’s easy to do a factory reset but the software update is controlled by the cable company itself. What should I do in this situation?
greg says
Most online (and *banking*) services use HTTPS as their protocol. The stream is *encrypted* at both *ends*. The router can’t decode it or sniff your traffic.
Nevertheless, it’s a good idea to do a factory reset if you find that you are infected.
Mywifiext.net Netgear Ex2700 Setup Page says
Thanks for sharing this useful info.
192.168.1.250 says
Really interesting!! Thanks for sharing..
change netgear router password says
Network security is one of the most important things. We must be conscious of our device’s security, because the virus can attack any time.
geometry dash says
top 01 dream!
2019 result pec class 8th says
After I initially commented I clicked the -Notify me when new feedback are added- checkbox and now every time a comment is added I get four emails with the identical comment. Is there any way you possibly can take away me from that service? Thanks!
Netgear router help says
Hi, I don’t know my router password. How do I reset it, and how do I contact Netgear router customer service?
n600 router says
That virus was quite awfully bad.
DNS Error In Netgear Routers says
Oh, actually you’re right, I really found your article much appreciatable awaiting to read more stuff like this!