Warning over VPNFilter malware and botnet as more routers are affected
Popular Netgear and TP-Link routers added to Cisco Talos VPNFilter warning list
The 'VPNFilter' router malware is a bigger security risk than first thought, with the number of devices potentially affected growing.
VPNFilter, uncovered by Cisco Talos, is believed to have originated in Russia, with the malware forming a botnet.
However, rather than being deployed to target systems in distributed denial of service (DDoS) attacks, it has features enabling its operators to steal website credentials and monitor industrial controls.
The malware also prompted the FBI to issue an official warning, but it is still spreading, according to new research from Cisco Talos, which now claims that it affects far more routers than had previously been thought.
The full list includes routers from Asus, D-Link, Huawei, Linksys, MikroTik, Netgear, QNAP, TP-Link and ZTE along with many others.
The appearance of Netgear and TP-Link on this list ought to be particularly alarming, as both brands are popular in the UK and were also affected by last year's Mirai botnet. Many of the other brands are better known in other fields, or in some cases, more popular overseas.
Although the primary target for the creators of VPNFilter would appear to be Ukraine, indicating that sources in the Russian state are responsible for it, that won't necessarily stop it from being used elsewhere.
Users of the affected models have been advised to reboot immediately and update the firmware. However, many manufacturers haven't released updated firmware yet.
In addition, some network-attached storage (NAS) devices are also affected by VPNFilter.
One of the special features of VPNFilter, according to Cisco Talos, is a 'kill command' that can not only wipe out the malware if it senses an attempt to detect it, but also deliberately overwrite the flash memory of the host device, which will 'brick' many routers beyond recovery.