Virus Attacking Routers Much Worse Than First Thought

There is a new computer virus that is not targeting your computer but rather the router that sits innocently in the corner of your house.  The virus is called VPNFilter and was first disclosed by Cisco Talos a couple of weeks ago.  It has already infected over 500K networking devices and has prompted the FBI to issue an urgent public service warning to reset your router.   Because all your traffic flows through your router, this virus has enormous access to collect your personal information and spy on your activities.    

The very latest research from Talos and other security researchers are now reporting that the list of affected devices is much larger than first reported.   In addition to Linksys, Netgear, TP-Link, and MikroTik, the new list also includes ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE (Gryphon with ESET technology is not affected and has active measures to prevent this type of virus).    They have also discovered that the virus is capable of much more damage.    In addition to collecting all the data that passes through your router, the virus can also infect connected devices served by the router by injecting malicious code when the device is browsing the web.  Further research into this virus is ongoing and may uncover more details.

What can you do if you have one of the routers listed above?

1. At the minimum, reset your router.   This will kill stage 2 and 3 of the virus which is the malicious portion.
2. However, stage 1 of the virus can still download the other stages at a later time.   To kill stage 1 of the virus, you will need to do a full factory reset of your router.  Consult your router manufacturer on how to do that.
3. Once you’ve done the first 2 steps, update the software on your router.   This virus uses known old vulnerabilities to spread that some manufacturers already has patches for.
4. Change your router admin password to something stronger.
5. Since this virus collects traffic data, also take the time to update your passwords for sensitive online services such as your online banking.
6. For more advanced users, turn off port forwarding.    Forwarding ports essentially puts your network device on the Internet for hackers to hack.   Note: this virus was first discovered on a port forwarded NAS (network attached storage) device.
7. If your router is old and you are shopping for a new router, make sure you get one that prioritizes security.

Gryphon is now on AMAZON with free Prime shipping.