My Router Is Disabled/Destroyed by VPNFilter Malware, What Should I Do?

If you suspect that your router might be affected by VPNFilter Malware, it's crucial to take immediate action to protect your network. This guide explains what to do if your router is compromised, how to identify whether your router is affected, and what VPNFilter Malware is.

What should I do if my router is affected?

🚨 Reboot immediately by performing a hard reset on the device!

Steps to Hard Reset and Secure Your Asus Router:

  1. Reset to Factory Default: Hold the Reset button on the rear of the device for at least five seconds until the power LED starts blinking.

  2. Update Firmware: Ensure all devices are updated to the latest firmware.

  3. Change Admin Password: Make sure the default admin password has been changed to a more secure one.

  4. Disable Remote Management: Remote management is disabled by default and can only be enabled via Advanced Settings. Confirm that it is turned off.

  5. Enable URL Filter:

    • Go to Advanced Settings -> Firewall.

    • Set the Filter table type to Black List.

    • Add "Photobucket" and "toknowall" to the URL filter list.
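
To check whether any device on the network has already looked up hostnames matching the two URL filter keywords from step 5, resolver logs can be searched for them. The script below is an added example, not part of the original guide or any Asus tool; it assumes a dnsmasq-style query log, and the sample log lines, hostnames and addresses in it are constructed.

```python
import re
from collections import defaultdict

# Keywords taken from the URL filter step above.
KEYWORDS = ("photobucket", "toknowall")

# Assumed log format: dnsmasq query logging ("log-queries"), e.g.
#   Jun  1 10:00:01 dnsmasq[412]: query[A] www.example.org from 192.168.1.20
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)


def find_filtered_lookups(lines, keywords=KEYWORDS):
    """Return {client_ip: sorted list of queried names containing a keyword}."""
    hits = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded/reply lines and unrelated log entries
        # Normalise case and a trailing root dot before matching.
        name = m.group("name").rstrip(".").lower()
        if any(k in name for k in keywords):
            hits[m.group("client")].add(name)
    return {client: sorted(names) for client, names in hits.items()}


# Constructed sample log lines (not captured from a real network).
SAMPLE_LOG = """\
Jun  1 10:00:01 dnsmasq[412]: query[A] www.example.org from 192.168.1.20
Jun  1 10:00:01 dnsmasq[412]: forwarded www.example.org to 192.0.2.53
Jun  1 10:00:07 dnsmasq[412]: query[A] Photobucket.example from 192.168.1.1
Jun  1 10:00:09 dnsmasq[412]: query[AAAA] toknowall.example. from 192.168.1.1
Jun  1 10:00:12 dnsmasq[412]: reply www.example.org is 192.0.2.10
Jun  1 10:01:30 dnsmasq[412]: query[A] img.photobucket.example from 192.168.1.35
""".splitlines()

if __name__ == "__main__":
    for client, names in sorted(find_filtered_lookups(SAMPLE_LOG).items()):
        print(f"{client}: {', '.join(names)}")
```

Any client address the script reports is worth inspecting first when working through the reset steps above.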

Is my router affected?

List of affected routers:

  • Asus RT-AC66U

  • Asus RT-N56U (EOL)

  • Asus RT-N10 (EOL)

  • Asus RT-N10E (EOL)

  • Asus RT-N10U (EOL)

  • Asus RT-N66U

Other affected routers can be found here.

What is VPNFilter Malware?

VPNFilter Malware is a new threat targeting a range of routers and network-attached storage (NAS) devices. It can render infected devices unusable and maintain a persistent presence even after a reboot.

Capabilities of VPNFilter Malware:

  • Spying on Traffic: Monitors traffic routed through the device.

  • Theft of Website Credentials: Steals login information from websites.

  • Intercepting Traffic: Intercepts all traffic via port 80, allowing attackers to snoop and tamper with web traffic.

  • Downgrading Security: Changes HTTPS requests to HTTP, sending data insecurely.

  • Harvesting Sensitive Information: Collects credentials and other sensitive data from the network.

  • Destructive Capability: Can "brick" the device by overwriting firmware and rebooting.

  • Monitoring Modbus SCADA: Monitors specific industrial control protocols.

Taking these steps and understanding the malware's capabilities can help protect your network and devices from VPNFilter. You can see more information here.