Router malware VPNFilter worse than expected; more brands may be affected

04:24 PM June 07, 2018


Additional research on the router malware VPNFilter has found that it may be more dangerous than previously thought.

An update from the ongoing study of the router malware by Cisco Talos Security Intelligence and Research Group (Talos) found a bigger threat than previously thought. According to a statement, VPNFilter may also be targeting new router brands as the malware continues to spread.


The new router brands the researchers found to be vulnerable are ASUS, D-Link, Huawei, Ubiquiti, UPVEL and ZTE. In addition, more device models from Linksys, MikroTik, Netgear and Network Storage Device (NAS) maker TP-Link were found to be vulnerable.

As for VPNFilter, cybersecurity researchers learned that the malware had a module they called “ssler” (pronounced “esler”), which could be used to hijack web traffic as it passes through a router or NAS. After hijacking, VPNFilter injects malicious software to infect more networked devices.


Talos also discovered a module they call “dstr,” or device destruction module. When activated, the dstr module removes all traces of VPNFilter, including files the device needs to operate normally. This renders the infected device unusable, or “bricked.”

The researchers put together a new list of affected networking devices, which includes models from the new brands being targeted.

In conclusion, Talos researchers and their partner organizations found that VPNFilter could destroy not only a directly targeted device but also any other networking device connected to the initial victim. Attackers could effectively cover their tracks using this method after acquiring the information they needed.

