KE6PIJ is a service mark for Paul N. Leonard

VPNFilter Malware

You may have heard news reports that 500,000 routers have been hacked worldwide by new malware directed at routers, and that it can shut down these infected routers instantly. The reports are true! The malware is quite advanced, and from a technical standpoint, impressive. Many of the reports I've seen and heard about seem to gloss over key points and lead people to try solutions that simply won't do much for them. My attempt here is to provide the necessary information to know what you should do, if you need to do anything at all.

If you enjoy reading the gory details, this link will provide what they know as of now. Keep in mind this is a preliminary report that was released early due to activity that was observed and led them to believe a widespread attack was imminent.

Affected Devices

The router is connected directly to the Internet, and thus isn't afforded many of the same protections that computers have. Many routers have known vulnerabilities, and this malware knows about them. Having one of the listed routers doesn't mean it's infected. Not having one of the listed routers doesn't mean it can't be infected. This is preliminary and these are only the currently known devices being attacked.

Whether you have a router you purchased and installed, or are using one supplied by your Internet provider, you should look at it, identify the make and model, then check it against the list below. If you don't have a match, then relax for now and check back every so often. If you find a match, don't worry, you can take measures. In either case, you do not need to take any precautions or do anything to your computer, since your computer is unaffected by any of this (however, the traffic from your computer to the Internet may be monitored). If your listed device belongs to your Internet service provider, contact them about cleaning and/or updating the router.

Linksys Devices

MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS:

NETGEAR DEVICES

QNAP DEVICES

Other QNAP NAS devices running QTS software

TP-LINK DEVICES

Have a Match, Now what?

Don't Panic!

From the source of this exploit's information release:
"... reset [the router] to factory defaults and reboot [it]..."
In fact, simply rebooting it provides a degree of safety for a very short time, but restoring to factory defaults is preferred.

That will take care of the active part of the infection, temporarily. Long enough to take the next measures.
"... If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately."

Did this help?

If something isn't clear, or you have heard you should be doing something different or more extreme to protect against this, shoot me a message, ask a question, and I'll do my best to address it. This page is intended to provide layman information and address concerns. I'll add to this based on feedback.
Now go back to enjoying your Internet experiences.

Copyright 2015 Paul N. Leonard