FBI takes control over Russia’s VPNFilter router botnet – CSO | The Resource for Data Security Executives
The domain seizure will help the US government identify infected devices and begin the process of removing infections.
VPNFilter has three stages. Unlike most previous examples of IoT malware, VPNFilter's Stage 1 malware can persist after a reboot and is responsible for installing the subsequent stages, which pose a risk to users and potentially to entire nations.
The seized domain allows the FBI to capture the IP addresses of infected routers that attempt to contact it. The non-profit security group The Shadowserver Foundation will distribute those IP addresses to CERTs and ISPs in the US and abroad so that infected devices can be identified and cleaned.
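The sinkhole-and-notify workflow described above, as an added defensive example that is not code from the article, the FBI or The Shadowserver Foundation: resolver log lines are scanned for lookups of the seized domain, the querying IPs are de-duplicated, and each IP is routed to the network owner that should receive the notification. The domain name, the log lines and the prefix-to-owner table are all constructed placeholders, since the article names none of them.

```python
"""Sinkhole-hit triage: group infected-device IPs by the network that should be notified.

Added example, not code from the article, the FBI or The Shadowserver Foundation.
The log lines, the C2 domain and the prefix-to-owner table below are constructed
placeholders; a real report would use routing/WHOIS data for the actual seized domain.
"""
from collections import defaultdict
import ipaddress
import re

# Placeholder for the seized VPNFilter C2 domain (the article does not name it).
SEIZED_DOMAIN = "seized-c2.example"

# Constructed DNS-resolver log lines: timestamp, client IP, query type, queried name.
SAMPLE_LOG = """\
2018-05-23T10:00:01Z 203.0.113.17 query A seized-c2.example
2018-05-23T10:00:05Z 203.0.113.17 query A seized-c2.example
2018-05-23T10:01:12Z 198.51.100.9 query A updates.example
2018-05-23T10:02:40Z 198.51.100.44 query A seized-c2.example
2018-05-23T10:03:03Z 192.0.2.200 query A seized-c2.example
2018-05-23T10:03:07Z not-a-valid-line
"""

# Constructed mapping from announced prefix to the party that receives the report.
PREFIX_OWNERS = {
    "203.0.113.0/24": "isp-a-abuse",
    "198.51.100.0/24": "isp-b-abuse",
}

LINE_RE = re.compile(r"^(\S+) (\S+) query \S+ (\S+)$")


def sinkhole_hits(log_text, domain=SEIZED_DOMAIN):
    """Return the set of client IPs that queried the seized domain (duplicates collapsed)."""
    hits = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        _ts, client, qname = m.groups()
        if qname.lower() != domain:
            continue
        try:
            hits.add(ipaddress.ip_address(client))
        except ValueError:
            continue  # unparseable client field, ignore
    return hits


def route_notifications(ips, prefix_owners=PREFIX_OWNERS):
    """Group IPs by the owner of the most specific matching prefix.

    IPs that match no known prefix are handed to a catch-all 'national-cert' bucket,
    mirroring the distribution to CERTs described in the article.
    """
    networks = sorted(
        ((ipaddress.ip_network(p), owner) for p, owner in prefix_owners.items()),
        key=lambda item: item[0].prefixlen,
        reverse=True,  # longest prefix first
    )
    report = defaultdict(list)
    for ip in sorted(ips):
        owner = "national-cert"
        for net, candidate in networks:
            if ip in net:
                owner = candidate
                break
        report[owner].append(str(ip))
    return dict(report)


if __name__ == "__main__":
    for owner, addrs in route_notifications(sinkhole_hits(SAMPLE_LOG)).items():
        print(f"{owner}: {', '.join(addrs)}")
```

The repeated lookup from 203.0.113.17 collapses to one entry, the lookup for an unrelated name is ignored, and the address outside every known prefix falls through to the CERT bucket; in practice the lookup table would be replaced by BGP or WHOIS data.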
The most dangerous part of VPNFilter, known as Stage 2, allows its controllers to disable a single device or all infected devices at once. This component does not persist after a router is rebooted. However, because Stage 1 does survive a reboot, it may allow the attackers to re-infect routers afterwards.