Apache firewall servers, communicating through Wi-Fi modems. Twice now, we have been told to reboot our Wi-Fi modems to strip out [activate?] outside source hacks.
Isn’t THAT convenient?
Recently, an NSA cyber security guy came out and said that rebooting our wifi did not, in most cases, remove the malware from the router itself and called on internet services companies to provide their users with instructions on how to do so.
If a router has this malware on it, it can defeat VPN (privacy software) and can launch destructive malware onto connected computers, expose personal information, participate in bot attacks, and delete evidence of its presence before permanently disabling the wifi. These seem to be capabilities custom made for black hats that want the ability to utilize users’ computers in widespread attacks and bring down websites or shut down Internet access to many simultaneously.
The malware is called VirtualVPN. Initially the public was advised to reboot their wifi device to remove it, but that only removes two stages of the malware and the remaining stage continually “refreshes” the infection of the wifi and connected devices.
I’m having trouble finding the updated list of affected routers - supposedly more are affected than are listed. While there are more recent lists of affected routers - this article includes a list from May:
https://www.pcmag.com/news/361431/is-your-router-vulnerable-to-vpnfilter-malware
This article includes information on how to remove it:
https://www.wikihow.com/Remove-VPNFilter-Malware-from-Your-Router
Yes, so if they are embedding new code internally to your WiFi as is typically allowed by the Mfg to update the code that makes it run and rebooting embeds and activates it. On my WiFi devices I would turn off all ports and set it up to ignore incoming requests to enter unless they were associated with me requesting from inside the wall. Gamers are especially at risk, as opening these “windows” is required to enable function. So what may be required is to “downgrade” the code in your device by going to the Mfg site and pulling it down and resetting your device with a lower level code. I am sure some other Geeks here have more insight on this and how to recover from this.