top of page

Evolve Your Communications With 3CX Phone System

Consulting and Contracting

FBI Issues a Public Service Announcement

Advanced Digital Systems felt it was important to inform all of our customers about the critical security notice issued by the FBI's Internet Crime Complaint Center. The FBI is urging small businesses and every household in the country to reboot wireless internet routers, the bureau said in a public service announcement.

Need help? Contact Us Now.

Is my device affected?

At this time, VPNFilter is reported to infect small office/home office routers from Linksys, MikroTik, Netgear, and TP-Link, as well as QNAP network-attached storage (NAS) devices.

Infected devices include:

-Linksys E1200
-Linksys E2500
-Linksys WRVS4400N
-Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
-Netgear DGN2200
-Netgear R6400
-Netgear R7000
-Netgear R8000
-Netgear WNR1000
-Netgear WNR2000
-QNAP TS439 Pro
-Other QNAP NAS devices running QTS software
-TP-Link R600VPN

What does VPNFilter do to infect a device?

VPNFilter searches network data where an infected device is physically located, it will then start gather the passwords, usernames, and other credentials the network.

This software installs in multiple stages:

  1. Stage 1 involves a worm and adds it to  the list of tasks run at regular intervals by the cron scheduler on Linux. This allows it to remain on the device, to re-infect it with the subsequent stages if they are removed.

  2. Stage 2 is the actual body of the malware, including the basic code that carries out all normal functions and executes any instructions requested by special, optional Stage 3 modules.

  3. Stage 3 can be any of various "modules" that tell the malware to do specific things, like spying and stealing website credentials on industrial control devices (Modbus SCADA) or using secure "dark web" software to communicate via encryption. 

What if I own an affected device?  What should I do?

REBOOT IMMEDIATELY. If the device is infected with VPNFilter, rebooting will remove Stage 2 and any Stage 3 elements present on the device.  The problemt with just rebooting is that since it will only get rid of stage 2 & 3 it allows the continueing presence of Stage 1 with means that Stage 2 & 3 can be reinstalled by the attacker. 

You should then apply the latest available patches to your deices and ensure not to us default credentials. 

If Stage 1 of VPNFIlter continues even after reboot is there a way I can remove it? 

Yes, You can perform a hard reset on the device which will factory restore the settings of your device and wipe it clean and remove Stage 1. Most devices a hard factory reset can be done by pressing and holding a small reset button or switch when power cycling the device.

NOTE:  By factory resetting any configuration details and credentials that were stored on your device will be wipes by this reset.  Be sure to back up this information prior to hard reset.

Need help?

Contact us, we can help!

bottom of page