In the past a few months, affected those who spread all over 54 countries to exceed 500, 000 roads by implement the effect that with the VPNFilter ill will of NAS equipment software place causes should compare an imagination medium get badly much.
The detail that the new technology that Cisco Talos safe group released recently studies makes clear, at first researcher thinks this baleful software can affect Linksys only, mikroTik, netgear, the equipment of TP-Link and QNAP, nevertheless the fact is its still can affect Hua Shuo, d-Link, china for, ubiquiti, the equipment of UPVEL and resurgence.
New-style VPNFilter plug-in unit
Not only such, researcher still discovered the new capacity of VPNFilter, the plug-in unit that its regard the 3rd phase as in the 3 phase of system of baleful software deploy bales.
Cisco expert expresses, they had discovered the following two new-style plug-in unit of the 3rd phase.
Ssler: This plug-in unit is mixed through bagman attack intercept modification port the 80 network discharge that go up, at the same time plug-in unit also supports demote HTTPS for HTTP;
Dstr: This plug-in unit is used at enclothing equipment firmware, it is OK that Cisco understands VPNFilter erasure equipment firmware, but in the report recently, this ability has been pointed to plug-in unit of specific the 3rd phase.
Above two plug-in unit had been added in additionally two foregone plug-in unit:
Ps: This plug-in unit is OK the network flow that data of smell spy network includes specific type. Cisco thinks this plug-in unit ever was used at searching labour to accuse the Modbus data bag with software and SCADA commonly used equipment, but its say in newest report, this plug-in unit is OK still smell explore builds facility of connective of fictitious and special network through TP-Link R600.
Tor: This plug-in unit is used at having communication through Tor network and C&C server.
Generally speaking, the technicality of VPNFilter baleful software is OK examine in the first report of Cisco, about Ssler, dstr and Ps are examined in the report that plug-in unit of these the 3rd phase can issue on June 6.
VPNFilter corpse network was discovered to affect a whole world before this a large number of equipment, researcher prepares the discovery that they announced when to Wukelan's IT infrastructure undertakes the network is hit in corpse network. A lot of people think, network attack should be by May at black gram Lan Jifu holds final of football of European champion league matches to was started that day.
FBI through take-overing the C&C server of VPNFilter undertook intervention to corpse network, however, this is considered as the baleful software that Russia army develops, had begun to establish new corpse network recently, continue to be aimed at facility of Wukelan that is affected.
It is the road that the place of software of VPNFilter ill will after updating is aimed at below by implement with NAS equipment list. Cisco expresses last month, VPNFilter won't affect facility through 0 days of flaw, this means all and listed model have charge through be aimed at prior firmware version, the user can update newest firmware version to let equipment avoid suffer infection.
If the user cannot update its road by implement firmware, also do not want to change new way at the same time by implement, but still hope to keep clear of from equipment baleful software, offerred in this article about how the proposal that safety deletes baleful software. Move from inside getting infection equipment actually it is very difficult to divide VPNFilter, because this kind of baleful software is,two kinds can be in SOHO road by implement one of baleful software with endurance of the implementation on equipment of content couplet network. In addition, if road by implement had affected this kind of baleful software, also can not appear so any evidence, so unless you can scan road by implement firmware, knowing to whether be affected otherwise also is a tickler. The road that the best proposal that so we can give out now ensures what you move is to have newest firmware version namely by implement.
Asus equipment:
RT-AC66U (is new)
RT-N10 (is new)
RT-N10E (is new)
RT-N10U (is new)
RT-N56U (is new)
RT-N66U (is new)
D-Link equipment:
DES-1210-08P (is new)
DIR-300 (is new)
DIR-300A (is new)
DSR-250N (is new)
DSR-500N (is new)
DSR-1000 (is new)
DSR-1000N (is new)
Huawei equipment:
HG8245 (is new)
Linksys equipment:
E1200
E2500
E3000 (is new)
E3200 (is new)
E4200 (is new)
RV082 (is new)
WRVS4400N
Mikrotik equipment: (At the rehabilitate in RouterOS 6.38.5 version)
CCR1009 (is new)
CCR1016
CCR1036
CCR1072
CRS109 (is new)
CRS112 (is new)
CRS125 (is new)
RB411 (is new)
RB450 (is new)
RB750 (is new)
RB911 (is new)
RB921 (is new)
RB941 (is new)
RB951 (is new)
RB952 (is new)
RB960 (is new)
RB962 (is new)
RB1100 (is new)
RB1200 (is new)
RB2011 (is new)
RB3011 (is new)
RB Groove (is new)
RB Omnitik (is new)
STX5 (is new)
Netgear equipment:
DG834 (is new)
DGN1000 (is new)
DGN2200
DGN3500 (is new)
FVS318N (is new)
MBRN3000 (is new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (is new)
WNR4000 (is new)
WNDR3700 (is new)
WNDR4000 (is new)
WNDR4300 (is new)
WNDR4300-TN (is new)
UTM50 (is new)
QNAP equipment:
TS251
TS439 Pro
The QNAP NAS equipment of software of other moving QTS:
TP-Link Devices:
R600VPN
TL-WR741ND (is new)
TL-WR841N (is new)
Ubiquiti equipment:
NSM2 (is new)
PBE M5 (is new)
UPVEL equipment:
Unknown Models (is new)
ZTE equipment:
ZXHN H108N (is new)