Anyone had their router hacked?

Was checking my remote site router today and found changes to the language (changed to Korean), DDNS, etc. Changed everything back. Router reverted back to Korean etc. Appears to be malware. Not sure if it's the VPNFilter malware or not. The router is an ASUS RT-AC66U and it's now on the VPNFilter malware affected routers list. You may want to check your router for any changes.

The list of known affected routers is at the bottom of the page at this link:
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

Ron W4RDM

Posted 5 months ago

Lasse Moell

Symantec offers an online check...
http://www.symantec.com/filtercheck/

Johan / SE3X

Tnx! Came out clean.

Martin Ewing AA6E

Everybody should make sure their routers are up to date with latest mfgr's firmware.  Alas, my not-very-old router (Asus RT N66U) is end-of-life with no further support.  I should probably discard it, but trouble is it's working just fine. :-(

Ted VE3TRQ

The N66U runs the open source router software just fine. I run Tomato on mine with no issues - none of the problems associated with manufacturer's code (as long as you keep up-to-date :-) Allows me to do any VPN- and DNS-related things with ease.

Martin Ewing AA6E

I have been running the Merlin enhancement for ASUS code very well.  The thing with Tomato, ddwrt, and similar is that you get to spend many hours to install and support an $80 router box.  Tail wags dog.

We've lately cut the CATV cord, so now my router is in the critical path for the house phone and TV, not just web and ham radio.  I.e. it's *really* important now. 

Ted VE3TRQ

Other than the initial install, and putting in dnsmasq, I don't think I have spent 5 minutes on support for my router. OK, maybe I spent 15 - 20 minutes doing an update once. I have been a Unix developer since 1980, and a Linux user since 1992, so maybe it's unfair to say it is easy, but it just works, and I don't need to reboot the access point and router to keep it working. My uptime is at least a year or more.

Bill Roberts

I have read about router hacking but perhaps like many, hadn't taken it seriously until reading your story.  My thought was "who would want to hack me?"  I just installed a Tenda NOVA MW3 mesh network and am very pleased with how it serves our fairly spread out 1 story home.  But sitting down our basement waiting for some Craigslist buyer is our old ASUS RT-AC66U.  Ouch!

John - K3MA

I would buy it for the cost of shipping if you want to get rid of it.  I would put it on the shelf as a backup for the one I have that has been extremely reliable.  You can contact me at mycall@outlook.com if you're interested.

John K3MA

Martin Ewing AA6E

Are the volunteer (open source) support folks on top of emerging security issues, I wonder? (Not that vendor support is always so good.)

Ted VE3TRQ

More so than the vendors, for sure. I have rarely seen a vendor firmware update that addressed security. I have seen (and installed, when warranted) some from open source vendors. For sure the open router community routinely releases security fixes which can be incorporated into specific releases such as dd-wrt and Tomato.

Ted VE3TRQ

By the way, I suspect that recent events in the OpenWRT community will affect releases such as dd-wrt and Tomato - we will have to see how fast they react.

N8SDR

I work as an I/T tech running my own company and can tell you this happens more often than gets media or public attention. In the last couple of months I have changed out and/or upgraded firmware on several clients' routers in order to help keep them from risk. There is a lot of good information regarding these attacks, which can be found here: https://www.bleepingcomputer.com/news/security/the-vpnfilter-botnet-is-attempting-a-comeback/

John - WA7UAR

Yes! And here is a related post that gives instructions for removing the botnet from specific routers that are vulnerable to this reemerging threat:
https://www.bleepingcomputer.com/news...

N8SDR

While we're on this subject of routers and network VPNs, I wanted to share an application called Untangle. I have a few clients for which I have set up this application; it creates a very secure router with many options and works extremely well. If you have an older system and a couple of NIC cards, put it to use as a secure router/firewall/VPN. The application has its own operating system, which can be downloaded and installed along with the applications and other plugins etc.

NG Firewall needs a dedicated server to run on. We recommend at least a Pentium 4 Processor (or a similar AMD processor), 80 GB hard drive, 2 network cards, and 1 GB of memory. See additional hardware details. The PC does not need an operating system; NG Firewall installs its own operating system. On installation, the NG Firewall completely erases any content or data that may exist on that server’s hard drive.

https://www.untangle.com/get-untangle/

Their documentation is well written and there are many resources to help.