
-- Our EOL Asus routers now made the expanded list of Russian malware attack!!! --

BluePhoenix
Level 7
Looks like our new Asus routers now made the expanded list of Russian malware attack. Question is, what are Asus and Trend Micro going to do about it?

The title of the Ars Technica article today is: "VPNFilter malware infecting 500,000 devices is worse than we thought"

https://arstechnica.com/information-technology/2018/06/vpnfilter-malware...

Here are some excerpts from the article:

"Malware tied to Russia can attack connected computers and downgrade HTTPS."

"Two weeks ago, officials in the private and public sectors warned that hackers working for the Russian government infected more than 500,000 consumer-grade routers in 54 countries with malware that could be used for a range of nefarious purposes. Now, researchers from Cisco’s Talos security team say additional analysis shows that the malware is more powerful than originally thought and runs on a much broader base of models, many from previously unaffected manufacturers."

"The most notable new capabilities found in VPNFilter, as the malware is known, come in a newly discovered module that performs an active man-in-the-middle attack on incoming Web traffic. Attackers can use this ssler module to inject malicious payloads into traffic as it passes through an infected router. The payloads can be tailored to exploit specific devices connected to the infected network. Pronounced “essler,” the module can also be used to surreptitiously modify content delivered by websites."

"All your network traffic belongs to us"

“Initially when we saw this we thought it was primarily made for offensive capabilities like routing attacks around the Internet,” Craig Williams, a senior technology leader and global outreach manager at Talos, told Ars. “But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”

"There is no easy way to know if a router is infected. One method involves searching through logs for indicators of compromise listed at the end of Cisco's report. Another involves reverse engineering the firmware, or at least extracting it from a device, and comparing it with the authorized firmware. Both of those things are out of the abilities of most router owners. That's why it makes sense for people to simply assume a router may be infected and disinfect it. Researchers still don't know how routers initially become infected with stage 1, but they presume it's by exploiting known flaws for which patches are probably available."

"Steps to fully disinfect devices vary from model to model. In some cases, pressing a recessed button on the back to perform a factory reset will wipe stage 1 clean. In other cases, owners must reboot the device and then immediately install the latest available authorized firmware from the manufacturer. Router owners who are unsure how to respond should contact their manufacturer, or, if the device is more than a few years old, buy a new one."

- End article excerpts

Read the Ars Technica article linked above to see if the expanded list includes your brand of router

That article actually has a lot more useful information and describes a lot more in depth about what is going on with our personal routers and how they are being attacked by Russia and other state sponsored governments. Once your routers are infected, you may not even know it and all of your passwords to your bank accounts and other sensitive personal information can be intercepted and stolen without you even knowing it. As the article even said, money could even be being siphoned off out of your bank accounts and you may remain unaware.

Ball is in your court Asus. What are you and Trend Micro going to do about this to help protect us ASUS router users/customers?
7,492 Views
11 REPLIES 11
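
The log search the quoted article mentions, sketched as an added example (not part of the original thread, the Ars Technica article, or Cisco's report). The indicator values and log lines are constructed placeholders; real indicators come from the IoC list in the Talos report. The matching is exact or subdomain-only, so look-alike hosts and longer IP addresses do not produce false hits.

```python
import ipaddress
import re

# Placeholder indicators (constructed). Real values come from the IoC list
# in Cisco Talos' report; none are reproduced here.
IOC_DOMAINS = {"c2.example.invalid"}
IOC_NETWORKS = [ipaddress.ip_network("192.0.2.16/32")]

# Constructed sample lines in dnsmasq / kernel-firewall style.
SAMPLE_LOG = """\
Jun  7 10:01:02 dnsmasq[312]: query[A] www.asus.com from 192.168.1.20
Jun  7 10:01:05 dnsmasq[312]: query[A] img.c2.example.invalid from 192.168.1.1
Jun  7 10:01:09 dnsmasq[312]: query[A] notc2.example.invalid from 192.168.1.20
Jun  7 10:02:11 kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.1 DST=192.0.2.16 DPT=443
Jun  7 10:02:15 kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.20 DST=192.0.2.160 DPT=443
"""

HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def domain_hit(host):
    """Match the indicator itself or any subdomain, never a bare substring."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

def ip_hit(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:          # e.g. 999.1.1.1 picked up by the loose regex
        return False
    return any(addr in net for net in IOC_NETWORKS)

def scan(log_text):
    """Return (line_number, indicator, line) for every log line with a hit."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for host in HOST_RE.findall(line):
            if domain_hit(host):
                hits.append((n, host.lower(), line))
        for ip in IP_RE.findall(line):
            if ip_hit(ip):
                hits.append((n, ip, line))
    return hits

if __name__ == "__main__":
    for n, indicator, line in scan(SAMPLE_LOG):
        print(f"line {n}: {indicator}  <-  {line}")
```

A clean result only means none of the listed indicators appear in the logs that were kept; it does not show the router is uninfected.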

Sprayingmango
Level 10
Ummmm no....no it has not. There is not a single Asus ROG router on that list. You are completely wrong.

MasterC
Community Admin
Generally, the ROG forum isn't meant for discussions regarding ASUS routers. However, while we are on this topic, the ROG Rapture is not vulnerable and there is no reason for concern.

Most of the ASUS models mentioned above have been EOL (end of life) for a while now (can't understand why they are all labelled as 'new'), and we have no reports of any gaming routers being affected.

VPNFilter is malware, and as such, it requires a 2-step process:
1. Infect device.
2. Establish connection with C&C (control and command) server, await further instructions from person/people responsible.

ASUS releases patches consistently in order to prevent step 1, while AiProtection blocks step 2.
TrendMicro has already verified that the C&C servers for VPNFilter are in the AiProtection signature (Step 2 is secure).

If anyone is still concerned about security, here are a few suggestions:
1. Always update your router firmware.
2. Enable AiProtection.
3. Use more complex passwords for your router login and Wi-Fi.
4. Avoid public Wi-Fi hotspots whenever possible, and use VPN if necessary.
_____________________________________________________________
FPS, Racing, and VR Gamer / Tech Enthusiast / ROG Admin

BluePhoenix
Level 7
Thanks for the tips.

I did not know ROG routers from Asus were immune. I currently own an Asus 3100 router. I am not sure if it is a ROG router or if my router is also end of life but I do know that the router's firmware is updated. AI protection is enabled along with all the suggestions it makes. The Asus user interface on this router makes seeing and enabling all that important stuff a breeze. Even for beginner to novice users. I am not using a default password. I don't use wi-fi hotspots and I don't know how I would use VPN. I know VPNs are more secure though.

I know Asus used to have a general forum but when typing in "Asus forum" in Google, the only results that show up are the "ROG forum" and the "Zen Talk forum". I don't know if Asus took their general forum offline or what. Even scrolling in a few pages on Google, this looks to be the case (just ROG forum and third party forums discussing Asus products).

I've posted on the general Asus forum before but not for a bit so maybe they took the forum down. Thought this was as good a place as any in the meantime to post since the attack now does involve some Asus routers. Looks like it's a nasty cyber attack by another developed country against the US and other developed countries. An attack that looks to be evolving. An attack that may become sophisticated enough to involve all Asus routers in time if the responsible parties continued to evolve it or if they want to develop something different.

BluePhoenix wrote:
Thanks for the tips.

I did not know ROG routers from Asus were immune. I currently own an Asus 3100 router. I am not sure if it is a ROG router or if my router is also end of life but I do know that the router's firmware is updated. AI protection is enabled along with all the suggestions it makes. The Asus user interface on this router makes seeing and enabling all that important stuff a breeze. Even for beginner to novice users. I am not using a default password. I don't use wi-fi hotspots and I don't know how I would use VPN. I know VPNs are more secure though.

I know Asus used to have a general forum but when typing in "Asus forum" in Google, the only results that show up are the "ROG forum" and the "Zen Talk forum". I don't know if Asus took their general forum offline or what. Even scrolling in a few pages on Google, this looks to be the case (just ROG forum and third party forums discussing Asus products).

I've posted on the general Asus forum before but not for a bit so maybe they took the forum down. Thought this was as good a place as any in the meantime to post since the attack now does involve some Asus routers. Looks like it's a nasty cyber attack by another developed country against the US and other developed countries. An attack that looks to be evolving. An attack that may become sophisticated enough to involve all Asus routers in time if the responsible parties continued to evolve it or if they want to develop something different.


Your post is ridiculous, you knew exactly what you were doing. Stop....just stop. Sensationalist bull****.

Sprayingmango wrote:
Your post is ridiculous, you knew exactly what you were doing. Stop....just stop. Sensationalist bull****.


Yeah dude, you are me so you know exactly what I am doing. Do you fortune tell as a side job or is it your main one? If it is I suggest finding another line of work.

I posted on this forum because one, I wanted to, two, because I am concerned once I saw the list of Asus routers added to the list, and three because I don't know what happened to Asus' regular forum. But, you already knew that since you are a mind reader and a fortune teller............

Do me a favor and the next time you feel like being an ass and you don't like a thread, don't comment.

BluePhoenix wrote:
Yeah dude, you are me so you know exactly what I am doing. Do you fortune tell as a side job or is it your main one? If it is I suggest finding another line of work.

I posted on this forum because one, I wanted to, two, because I am concerned once I saw the list of Asus routers added to the list, and three because I don't know what happened to Asus' regular forum. But, you already knew that since you are a mind reader and a fortune teller............

Do me a favor and the next time you feel like being an ass and you don't like a thread, don't comment.


I previously edited the thread title to more accurately reflect the subject of this thread. Regarding "Asus' regular forum", the VIP forum was strictly a user-to-user forum. It never had direct support from ASUS employees.

Browni
Level 7
MasterC@ASUS & BluePhoenix, the reason the routers are showing as 'new' is because they weren't included in the original list of affected routers, nothing to do with their age.

Regarding support for routers, the VIP forums have been closed down.

Where do we go for support? The closed forums now link to the ROG forums as can be seen here https://rog.asus.com/forum/showthread.php?102248-Trouble-accessing-Asus-forums/page3#post723082

MasterC
Community Admin
Browni wrote:
MasterC@ASUS & BluePhoenix, the reason the routers are showing as 'new' is because they weren't included in the original list of affected routers, nothing to do with their age.

Regarding support for routers, the VIP forums have been closed down.

Where do we go for support? The closed forums now link to the ROG forums as can be seen here https://rog.asus.com/forum/showthread.php?102248-Trouble-accessing-Asus-forums/page3#post723082


The ASUS support team will be a better option for any further questions you may have. To contact support for ASUS networking products, please call 1-812-282-2787 (US - toll free). Or email the ASUS support team at: networking_support@asus.com

Numbers for other regions: https://www.asus.com/support/CallUs#

To help provide ROG forum members a better place to discuss and find answers easier, this section was created specifically for ROG routers.

Thank you.
_____________________________________________________________
FPS, Racing, and VR Gamer / Tech Enthusiast / ROG Admin

Browni
Level 7
Call an international phone number? You're having a giraffe.

So long and thanks for the fish ASUS, you've lost me as a customer.


Anybody fancy a DSL-AC88U that's currently synching at 220/35 on G.fast?

It will end up on eBay soon.