Hackers infect 500,000 consumer routers all over the world with malware
VPNFilter can survive reboots and contains destructive "kill" function.
I publish security alerts like this one on occasion, depending on severity. This one is very serious.
If you have a router that may be infected:
- Connect to your router with an Ethernet cable, and turn off the WiFi. This may seem extreme, but remember that other devices in your neighborhood might be infected.
- WRITE DOWN the WiFi SSID and password, the MAC addresses of any device for which you have reserved an IP address, the starting address for the DHCP assignments, and the port list for any DMZ devices. The IP addresses too, of course (don't ask me how I know). Alt-PrtScr is your friend, and "Paint" can be used to paste-and-print this info if you're using Windows: just remember to print or save every page before you do another screen capture if your not able to print the info from your web browser or if you are using telnet or ssh to access the router.
- Perform a factory reset (NOT just a reboot!) The router will erase all settings. See number 2 first.
- Change the default password. If you check the "Recover password" option, choose hard-to-guess answers to the questions. Likewise, of course, a hard-to-guess password.
- Re-install the settings from step 2.
It takes about an hour if you're taking your time, but longer if you don't follow step 2. :-(
Bill Horne Moderator