Q1. What should I do if my router is affected?
Reboot immediately by performing a hard reset on device!
Steps to hard reset your Asus router:
Reset the device to factory default: Hold the Reset button in the rear for at least five seconds until the power LED starts blinking
Update all devices to the latest firmware
Ensure default admin password had been changed to a more secure one
Disable Remote Management (disabled by default, can only be enabled via Advanced Settings)
Enable the URL filter in the Advanced Settings -> Firewall. Set the Filter table type as Black List. Add the "Photobucket" and "toknowall" in the URL filter list.
Q2. Is my router affected?
List of routers affected:
Asus RT-AC66U
Asus RT-N56U (EOL)
Asus RT-N10 (EOL)
Asus RT-N10E (EOL)
Asus RT-N10U (EOL)
Asus RT-N66U
Other affected routers can be found here
Q3. What is VPNFilter Malware?
VPNFilter Malware is a new threat which targets a range of routers and network-attached storage (NAS) devices are capable of knocking out infected devices by rendering them unusable. It is capable of maintaining a persistent presence on an infected device, even after a reboot.
VPNFilter has a range of capabilities including:
Spying on traffic being routed through the device
Theft of website credentials
Intercepting all traffic going through the device via port 80, meaning the attackers can snoop on web traffic and also tamper with it to perform man-in-the-middle (MitM) attacks
Change HTTPS requests to ordinary HTTP requests, meaning data that is meant to be encrypted is sent insecurely
Harvest credentials and other sensitive information from the victim’s network
Destructive capability and can effectively “brick” the device if it receives a command from the attackers
Overwriting a section of the device’s firmware and rebooting, rendering it unusable
Monitoring of Modbus SCADA
For more info, head over to this article.