Computer Service / Network Integration / Performance Tuning

Home » VPNFilter May Already Infect Your Router

VPNFilter May Already Infect Your Router

Reboot Your Router – Now!

In recent days the Department of Justice (DOJ) and the FBI have both released statements regarding the worldwide infestation of a malware product infesting hundreds of thousands of residential and small business routers.

VPNFilter is using your router to create a botnet capable of targeting government, military, security organizations, and other targets of perceived intelligence value.

This infestation targets SOHO routers and Network Attached Storage (NAS) devices.  It is disseminated and controlled by a group under the control of a group of actors known as the “Sofacy Group” (also known as “apt28,” “sandworm,” “x-agent,” “pawn storm,” “fancy bear” and “sednit”).

Read the full DOJ article here.

Read the full FBI article here.

Read the Ars Technica article here.

What can you do about this?

  • First thing to do is reboot your router immediately.  This will eliminate the stage 2 and 3 infections as they have zero persistence.  The stage 1 infection will remain and will seek instructions to reinfect your router.  This gives our government an opportunity to track down the source.
  • To accomplish this, PULL THE PLUG.  Disconnect it from power for 60 seconds.  Then plug it back in. You may have to press a POWER button on the router (depending on the model) to bring it back up again.
  • Second thing to do is download and install the latest firmware from your router manufacturer.  This is done from the Administration console in your router.  You need to access this via your network on a computer.  Instructions vary depending on the make and model of your router.  Consult your documentation or your router manufacture’s website.
  • For Netgear routers.  Type the following into your browser address bar: http://routerlogin.net
    There will be a button near the top with a notification to get the latest firmware.  Click the button and just wait.  Current response time is abysmal.  Possibly due to this current situation.
  • Do the same thing for ANY NAS devices on your network.  Anything with a storage drive in it should be rebooted NOW.


If all of this makes you just wring your hands in dismay, contact us for a solution

If you’re local to Dallas, Texas we can come to you – or

We can remote in to anyplace in the world.

DFW Computer Integration
7522 Campbell Rd
Dallas, TX 75248

Name of author

Name: Wizard

Short Bio: The Computer Wizard (TCW). TCW was founded by Warren P. Harris in 1994 to service and repair computers in the San Francisco Bay Area. Relocating the business to Plano, Texas in 1999, TCW continued to flourish when an unfortunate loss of data for a wedding Mr. Harris photographed, caused him to research data recovery options. Realizing he would have to either pay someone to recover the photos or find out how to do it himself, the rest, as they say "is history". Approached by a friend who was a Private Investigator in 2006, Mr. Harris studied for his Investigator's license and began honing his skills in Computer Forensics. The company was renamed DFW Computer Integration in 2015.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.