Symantec releases Quick Online Tool to help users and enterprises detect recent VPNFilter malware on routers

Symantec Corp. announced on Friday VPNFilter Check, a free online tool designed to help individuals and organizations quickly and simply determine if a router may be impacted by VPNFilter malware.

First reported in May, VPNFilter targets a wide range of IoT devices such as routers and network-attached storage (NAS) devices. VPNFilter installs a plugin which monitors and modifies web traffic sent through the infected router, allowing cyber criminals to inject malicious content, render routers inoperable or steal passwords and other sensitive user information. Symantec’s VPNFilter Check determines if traffic in the home or company is being altered by a router infected with the threat.

The malware, known as VPNFilter, is unlike most other IoT threats because it is capable of maintaining a persistent presence on an infected device, even after a reboot. VPNFilter has a range of capabilities including spying on traffic being routed through the device. Its creators appear to have a particular interest in SCADA industrial control systems, creating a module which specifically intercepts Modbus SCADA communications.

According to new research from Cisco Talos, activity surrounding the malware has stepped up in recent weeks and the attackers appear to be particularly interested in targets in Ukraine.

While VPNFilter has spread widely, data from Symantec’s honeypots and sensors indicate that unlike other IoT threats such as Mirai, it does not appear to be scanning and indiscriminately attempting to infect every vulnerable device globally.

Norton Mobile Security, the Norton Core Secure WiFi Router and Symantec Endpoint Protection Mobile provide protection from VPNFilter. The ability of VPNFilter to monitor and alter network traffic adds to ongoing privacy concerns that have been increasingly visible with the recent deployment of the new GDPR regulations. Symantec also offers a wide variety of privacy solutions, including Symantec VIP and Norton WiFi Privacy.

“VPNFilter poses a very serious threat to both consumers and businesses including injecting malware and the stealing of passwords and other confidential data,” said Greg Clark, Symantec CEO. “More than half a million routers are suspected to have been infected with VPNFilter and we urge the public to take action to determine if their own home router has been infected.”

“This malware is unlike most other IoT threats because it is capable of maintaining a persistent presence on an infected device, even after a reboot,” said Stephen Trilling, senior vice president and general manager, Security Analytics and Research, Symantec. “Symantec’s online VPNFilter Check tool provides individuals and organizations with an easy way to determine if their routers have been compromised by this threat, and suggests steps they can take if infected.”

 

