Topic: VPN Filter malware attack

Offline jdaniele

  • Administrator
  • Sr. Member
  • *****
  • Posts: 1291
  • Never stop questioning
    • View Profile
    • JeremyDaniele.com
VPN Filter malware attack
« on: June 03, 2018, 11:18:14 AM »
https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/05/31/the-cybersecurity-202-only-you-can-prevent-a-vpn-filter-malware-attack-that-s-a-problem-for-the-fbi/5b0ed7b81b326b492dd07eec/?noredirect=on&utm_term=.a432ecd1f6f7

Pretty freaky stuff. They even mentioned that it's really easy to have mobile phones tracked. Also, don't forget to update your router firmware (if possible) and restart (power-cycle) your router too. Not all models are affected.
"The true sign of intelligence is not knowledge but imagination." - Albert Einstein

Offline andyassur

  • Administrator
  • Heavy Contributor
  • *****
  • Posts: 673
    • View Profile
Re: VPN Filter malware attack
« Reply #1 on: June 04, 2018, 07:10:16 AM »
It's going to be a pain to update my router; it has ddwrt on it and I'm not sure of the chipset anymore. If I download the wrong one I brick my router. I had to talk to someone from tech support from ddwrt to get the latest correct firmware.
Thirty spokes are joined in the wheel's hub.
The hole in the middle makes it useful.

...the value comes from what is there,
But the use comes from what is not there.

-Tao Te Ching  chapter 11

Offline jdaniele

Re: VPN Filter malware attack
« Reply #2 on: June 04, 2018, 11:55:54 AM »
Can you temporarily put the stock firmware? Max out the stock firmware then go back to DDWRT with the latest updates?

Offline andyassur

Re: VPN Filter malware attack
« Reply #3 on: June 04, 2018, 12:57:04 PM »
It would be easier just to figure out my chipset.

Offline jdaniele

Re: VPN Filter malware attack
« Reply #4 on: June 04, 2018, 05:57:40 PM »
Agreed


Offline jdaniele

Re: VPN Filter malware attack
« Reply #6 on: June 08, 2018, 11:13:40 AM »
More information is in on this topic.

https://www.zdnet.com/article/vpnfilter-malware-now-targeting-asus-d-link-huawei-zte/

Quote
Known infected devices include:

Asus: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, and RT-N66U.
D-Link: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, and DSR-1000N.
Huawei: HG8245.
Linksys: E1200, E2500, E3000, E3200, E4200, RV082, and WRVS4400N.
Mikrotik: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011, RB Groove, RB Omnitik, and STX5.
Netgear: DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, and UTM50.
QNAP: TS251, TS439 Pro, and other QNAP NAS devices running QTS software.
TP-Link: R600VPN, TL-WR741ND, and TL-WR841N.
Ubiquiti: NSM2 and PBE M5.
ZTE: ZXHN H108N.
Malware targeting Upvel has also been found; however, no devices have been isolated by the vendor.

It's scary how this keeps growing :o :-\

https://arstechnica.com/information-technology/2018/06/vpnfilter-malware-infecting-50000-devices-is-worse-than-we-thought/

Offline andyassur

Re: VPN Filter malware attack
« Reply #7 on: June 08, 2018, 12:23:20 PM »
You should be able to tell?
Because your web browser would show http? instead of https?
If I'm understanding this correctly?

Offline jdaniele

Re: VPN Filter malware attack
« Reply #8 on: June 08, 2018, 01:15:22 PM »
According to this website, yes. They said the following.

Quote
To bypass TLS encryption that's designed to prevent such attacks, ssler actively tries to downgrade HTTPS connections to plaintext HTTP traffic. It then changes request headers to signal that the end point isn't capable of using encrypted connections. Ssler makes special accommodations for traffic to Google, Facebook, Twitter, and Youtube, presumably because these sites provide additional security features. Google, for example, has for years automatically redirected HTTP traffic to HTTPS servers. The newly discovered module also strips away data compression provided by the gzip application because plaintext traffic is easier to modify.

Some of my domains for example provide only HTTP, some only HTTPS, and I think one does both. The ones that only allow HTTPS like this one are safe. At least they make it sound like they are. I would really be surprised if my SSL was broken, but if tech has taught me anything it's don't be surprised.

Quote
While HTTP Strict Transport Security and similar measures designed to prevent unencrypted Web connections may help prevent the HTTP downgrade from succeeding, Williams said those offerings aren't widely available in Ukraine, where a large number of the VPN-infected devices are located. What's more, many sites in the US and Western Europe continue to provide HTTP as a fallback for older devices that don't fully support HTTPS.
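
The downgrade described in the quoted passages above only succeeds where the browser is still willing to speak plain HTTP to a site. As an added example (not part of the original posts), this Python sketch classifies a site by what its HTTP and HTTPS endpoints return; the host names, sample headers and verdict labels are constructed for illustration.

```python
# Added example: the response headers below are constructed, not captured traffic.

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797, section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def downgrade_exposure(http_status, http_location, https_headers):
    """Classify how exposed a site's visitors are to an HTTPS-to-HTTP downgrade."""
    headers = {k.lower(): v for k, v in https_headers.items()}
    hsts = parse_hsts(headers.get("strict-transport-security", ""))
    redirects = (
        http_status in (301, 302, 307, 308)
        and (http_location or "").lower().startswith("https://")
    )
    if hsts["max_age"]:  # max-age=0 tells the browser to forget the policy
        if hsts["preload"] and hsts["include_subdomains"] and hsts["max_age"] >= 31536000:
            return "hsts-preload-eligible"  # can be enforced before the first visit
        return "hsts-after-first-visit"     # enforced once the header has been seen
    if redirects:
        return "redirect-only"              # the redirect itself travels over HTTP
    return "http-fallback"                  # plain HTTP is served as-is

# (HTTP status, HTTP Location header, HTTPS response headers) per constructed host
SAMPLES = {
    "both.example": (200, None, {}),
    "redirects.example": (301, "https://redirects.example/", {}),
    "hsts.example": (301, "https://hsts.example/", {"Strict-Transport-Security": "max-age=15768000"}),
    "preload.example": (301, "https://preload.example/", {"strict-transport-security": "max-age=63072000; includeSubDomains; preload"}),
}

def classify_samples():
    return {host: downgrade_exposure(*obs) for host, obs in SAMPLES.items()}

if __name__ == "__main__":
    for host, verdict in classify_samples().items():
        print(f"{host:20} {verdict}")
```

Only the two HSTS verdicts mean the browser itself refuses plain HTTP; a redirect alone still depends on an HTTP response that a device in the traffic path can alter.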

Offline jdaniele

Re: VPN Filter malware attack
« Reply #9 on: July 07, 2018, 01:12:31 AM »
Norton (Symantec) has a test for it.

http://www.symantec.com/filtercheck/

Offline andyassur

Re: VPN Filter malware attack
« Reply #10 on: July 09, 2018, 12:35:05 PM »

Offline jdaniele

Re: VPN Filter malware attack
« Reply #11 on: July 09, 2018, 09:05:03 PM »
Quote
Norton (Symantec) has a test for it.

http://www.symantec.com/filtercheck/

good to know

Try it. It's actually stupid easy to use lol.

Offline andyassur

Re: VPN Filter malware attack
« Reply #12 on: July 10, 2018, 06:39:02 AM »
You just hit the check box and run the check?

Offline jdaniele

Re: VPN Filter malware attack
« Reply #13 on: July 10, 2018, 07:03:27 AM »
Yes, all it does is run a check on their end similar to a port check. Takes a second or two.

Offline andyassur

Re: VPN Filter malware attack
« Reply #14 on: July 10, 2018, 09:16:47 AM »
I was a little confused on how easy it was; I kept running it. I was like, I don't see anything, did it work?