In May, the existence of a new worm was finally disclosed. This worm, called VPNFilter, was uncommon in three ways.
- It infected routers rather than computers.
- It was developed in multiple stages: the first does nothing nefarious beyond existing on the device and downloading the more powerful second stage, which contains the actual malware.
- It came with a recommendation from the FBI to reboot our routers in order to stop the worm from advancing to that second stage.
At the time of the announcement, that was all there was to it. But last month, Fancy Bear — the Russian makers of VPNFilter — released a new update that includes instructions to download new third-stage modules that expand the malware’s capabilities.
What does VPNFilter do?
While initially it was thought that the malware would be used for offensive attacks, it’s now understood that it’s much more powerful.
In an interview with Ars Technica, Craig Williams, a senior technology leader at Talos, said this: “They can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”
Am I infected?
If you’re concerned that your business might be vulnerable, Symantec has published a great tool to check. You can find that tool here: http://www.symantec.com/filtercheck/
What do I do if I’m infected?
If the check from Symantec shows that your network is infected — or if you have any other questions or concerns — contact Technology Revealed at any time. We’re always standing ready to assist you.