Barcelona, Spain, July 19, 2018 --(PR.com
)-- As of 24 May 2018, VPNFiler is estimated to infect approximately 500,000 to 1,000,000 routers worldwide. It can steal data, contains a "kill switch" designed to destroy the infected router on command, and is able to persist should the user reboot the router.
The VPNFilter malware actually installs itself in multiple stages:
• Stage 1 involves a worm and adds it to the crontab, the list of tasks run at regular intervals by the cron scheduler on Linux. This allows it to remain on the device, to re-infect it with the subsequent stages if they are removed.
• Stage 2 is the actual body of the malware, including the basic code that carries out all normal functions and executes any instructions requested by special, optional Stage 3 modules.
• Stage 3 can be any of various "modules" that tell the malware to do specific things, like spying on industrial control devices (Modbus SCADA) or using secure "dark web" Tor software to communicate via encryption
WoMaster industrial router and switch products, ex. WR series, SCB series, DS/DP/MP series, and RS/RP series, don’t use cron scheduler but apply WoMaster patented scheduler technology instead. Therefore, The VPNFilter malware have no opportunity to add a worm to the crontab at Stage 1. This is the reason why WoMaster industrial router and switch products are all immune of VPNFiler.
WoMaster Group is an international group with over 20 years of industrial market experience. We provide rugged products with customer oriented support for critical applications such as railway, power and utility, waste water, intelligent transportation and IP surveillance. WoMaster product range includes Industrial Networking and Computing products.