Malware can be removed from routers with a reboot after seizure of C&C server


Because the US intelligence service FBI has seized a command-and-control server, the malware that previously hit half a million users can now be deactivated by rebooting the router.

The malware consists of several parts. The first part is not harmful and survives reboots, but needs instructions from a server to install the payload of the second and third parts. Those parts do not survive reboots. Now that the server giving directions on where the second and third parts can be found online has been seized, the danger has passed, writes The Daily Beast.
The FBI has received permission from a judge to order Verisign to take over the domain ToKnowAll[.]com, so that the malware will from now on contact the FBI's servers. The intelligence service does this to collect the IP addresses of affected routers.
More information about VPNFilter is available on the site of Talos, Cisco's security branch. The Ukrainian government organization SBU believes that the Russian government is behind the attack, possibly in preparation for an attack during the Champions League final on Saturday. Cisco also suspects that the Russian state is behind the attack.
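
Because every stage-one infection now looks up the seized domain, the same lookup can be searched for in a network's own DNS logs. The following is an added example, not code from Talos, the FBI or the original article; it assumes dnsmasq-style query log lines, and the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Domain named in the article, kept defanged as it appears on the page.
SINKHOLED = "ToKnowAll [.] com"

# Assumed log format (dnsmasq-style): "... query[A] <name> from <client-ip>".
QUERY_RE = re.compile(r"query\[[A-Z0-9]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'ToKnowAll [.] com' into 'toknowall.com'."""
    cleaned = indicator.replace("[.]", ".").replace(" ", "")
    return cleaned.lower().rstrip(".")


def matches_domain(qname: str, domain: str) -> bool:
    """True for the domain itself or a subdomain, never for look-alike suffixes."""
    qname = qname.lower().rstrip(".")
    return qname == domain or qname.endswith("." + domain)


def clients_querying(log_lines, indicator=SINKHOLED):
    """Count lookups of the indicator per client IP in DNS query log lines."""
    domain = refang(indicator)
    hits = Counter()
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and matches_domain(m.group("name"), domain):
            hits[m.group("client")] += 1
    return dict(hits)


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    "May 24 10:01:02 dnsmasq[411]: query[A] toknowall.com from 192.0.2.10",
    "May 24 10:01:09 dnsmasq[411]: query[A] example.org from 192.0.2.11",
    "May 24 10:02:30 dnsmasq[411]: query[AAAA] ToKnowAll.com. from 192.0.2.10",
    "May 24 10:03:00 dnsmasq[411]: query[A] nottoknowall.com from 192.0.2.12",
    "May 24 10:04:15 dnsmasq[411]: query[A] www.toknowall.com from 192.0.2.13",
    "May 24 10:04:16 dnsmasq[411]: reply www.toknowall.com is 198.51.100.7",
]

if __name__ == "__main__":
    for client, count in sorted(clients_querying(SAMPLE_LOG).items()):
        print(f"{client} looked up the sinkholed domain {count} time(s)")
```

A client that keeps appearing after a reboot still carries the persistent first part, which the article notes survives reboots.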

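| Linksys   | Mikrotik | Netgear | Qnap      | TP-Link |
|-----------|----------|---------|-----------|---------|
| E1200     | 1016     | DGN2200 | TS251     | R600VPN |
| E2500     | 1036     | R6400   | TS439 Pro |         |
| WRVS4400N | 1072     | R7000   |           |         |
|           |          | R8000   |           |         |
|           |          | WNR1000 |           |         |
|           |          | WNR2000 |           |         |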
