Bitdefender Home Scanner comes to the rescue of routers that are not updated

The VPNFilter malware has shown how important security updates are. The report released by the Cisco Talos group sheds more light on the use of decentralized botnets to add more devices, including routers, NAS servers and IoT devices, to a pool of controlled zombie devices used in attacks on other devices on the Internet. VPNFilter can infect more devices than the experts' first analyses indicated. The susceptible brands include routers, NAS servers and IoT devices from ASUS, D-Link, Huawei, Ubiquiti, UPVEL, ZTE, Linksys, MikroTik, Netgear, TP-Link and QNAP. It is estimated that VPNFilter has infected at least half a million devices, but the real number and the exact list of manufacturers will never be established.

VPNFilter, attributed to Russian hackers (although this may also be a false flag), can log and intercept traffic in both directions over HTTP/S and Modbus TCP/IP once it is installed on a device. This gives it a strategic advantage over an unaware user or administrator: it can easily deliver an exploit to another device connected to the LAN or redirect the user to a malicious website. When it has finished its work, VPNFilter can remove its traces from logs. It also survives a restart, because it modifies NVRAM and adds itself to the crontab. In critical situations, one of the VPNFilter modules can overwrite the first 5000 bytes of /dev/mtdblock0 with zeros and restart the device, which is then unusable.

The attack can be carried out ONLY on susceptible devices, which usually run a default configuration, including the manufacturer's default login and password, as well as old, outdated software.
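The two traces described above (a crontab entry for persistence and a zeroed start of /dev/mtdblock0) can be checked on copies pulled from a device. The following is an added example, not code from Bitdefender, Cisco Talos or the original article; the file names and crontab lines are constructed samples, not VPNFilter indicators.

```shell
#!/bin/sh
# Added example: triage of a flash dump and a crontab copied off a router.
# All sample files and crontab entries below are constructed for the demo.

# Succeeds only if the image holds at least 5000 bytes and the first 5000
# are all 0x00, the wipe pattern described for /dev/mtdblock0.
first_5000_zeroed() {
    img=$1
    size=$(( $(head -c 5000 "$img" | wc -c) ))
    nonzero=$(( $(head -c 5000 "$img" | tr -d '\000' | wc -c) ))
    [ "$size" -eq 5000 ] && [ "$nonzero" -eq 0 ]
}

# Prints active crontab lines (comments and blank lines skipped) that do not
# appear verbatim in a known-good baseline saved before the incident.
unexpected_cron_lines() {
    current=$1
    baseline=$2
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$current" \
        | grep -vxFf "$baseline" || true
}

# Constructed sample data: one wiped image, one intact image, two crontabs.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
{ head -c 5000 /dev/zero; printf 'rootfs-data'; } > "$demo/wiped.bin"
{ printf 'BOOT'; head -c 6000 /dev/zero; } > "$demo/intact.bin"
printf '0 3 * * * /usr/sbin/ntp-sync\n' > "$demo/baseline.cron"
printf '# jobs\n0 3 * * * /usr/sbin/ntp-sync\n*/5 * * * * /tmp/unknown-binary\n' \
    > "$demo/current.cron"

for img in wiped.bin intact.bin; do
    if first_5000_zeroed "$demo/$img"; then
        echo "$img: first 5000 bytes are zero (matches the wipe pattern)"
    else
        echo "$img: boot area contains data"
    fi
done

echo "crontab lines not in baseline:"
unexpected_cron_lines "$demo/current.cron" "$demo/baseline.cron"
```

A crontab line missing from the baseline is only a prompt to investigate; firmware updates and legitimate configuration changes also add entries.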

Your router can be infected

According to Bitdefender, as many as every other router may have a more or less significant security hole. Most consumer-class routers are no longer updated two years after purchase. The assumptions of Bitdefender employees are worrying, but they are nothing that experts and security enthusiasts have not known for a long time. Manufacturers contribute to the problem because, guided by profit, they shorten the product life cycle and in the long run do not care about reported vulnerabilities. Of course, not every manufacturer approaches security this way. Ubiquiti and MikroTik are models to follow: they run their consumer and business devices on a single OS, so even older routers keep performing well and continue to receive security patches and new features many years after purchase.

So if you care about security, Bitdefender has prepared the Bitdefender Home Scanner application, which will help you identify weaknesses in your home network.

Bitdefender Home Scanner

The application can be downloaded for free from the manufacturer's website and tested on a Windows computer.

Bitdefender Home Scanner scans the wired and wireless network for connected devices (gaming consoles, smart TVs, Wi-Fi cameras, computers running Windows and macOS, smartphones, IoT devices and others) and flags problems based on the models it supports. The scan result gives an insight into the vulnerabilities in each device and suggests a way to eliminate them. The program is trivial to operate, although knowledge of English and of technical terminology is required.

How to protect yourself from VPNFilter?

Update the router's software to the latest version, and if your device no longer receives security updates, install the alternative OpenWrt firmware. Here you will find a list of supported devices.

The only sure way to remove VPNFilter from a device is to restore factory settings. If you have many non-standard settings, save your existing configuration, but to be safe, configure the router again from scratch to make sure that no service or remote access to the configuration is exposed to the Internet without your knowledge. After that, change the default login and password, because this is the primitive way in which VPNFilter infects devices.

You can also replace your old router with a network antivirus. F-Secure SENSE was tested a month ago, and the Finnish brand's product is more than just a regular router. Among other things, it has a built-in website scanner (based on URL whitelists and blacklists) borrowed from F-Secure's business antivirus products, and unlike regular routers, its firmware firewall is equipped with IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) components that detect attacks and respond to security events. The router analyzes transmitted packets in both directions (outbound and inbound) for malicious IP addresses of C&C servers, i.e. servers that criminals use to issue commands to infected devices. The F-Secure SENSE router software can be downloaded and installed automatically, and the device is easier to operate than traditional routers. You can read a detailed review and test in this article.




We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.