That VPNFilter botnet the FBI wanted us to help kill? It's still alive

A new report says the botnet has more capabilities and affected more routers.

Marrian Zhou Staff Reporter
Marrian Zhou is a Beijing-born Californian living in New York City. She joined CNET as a staff reporter upon graduation from Columbia Journalism School. When Marrian is not reporting, she is probably binge watching, playing saxophone or eating hot pot.
Marrian Zhou
2 min read

VPNFilter malware has affected more than 500,000 routers.

Chris Monroe/CNET

Remember two weeks ago when the FBI asked everyone to reboot their routers to help destroy the VPNFilter botnet?

Not only is it not destroyed, but the VPNFilter  malware may have even more capabilities and is going after more devices than previously thought, according to a report from Cisco's Talos security unit on Wednesday. Ars Technica first reported on the report.

One significant discovery is the "ssler" (pronounced Esler) -- a module that lets hackers intercept traffic passing through the compromised device or router, Talos said.

The revelation indicates that VPNFilter has affected more routers than the 500,000 the FBI said were infected. The FBI had sought to destroy the botnet with the public's help, but it turns out that even if you did your part, VPNFilter remains alive and people are still vulnerable.

"I'm concerned that the FBI gave people a false sense of security," Talos senior technology leader Craig Williams said in an interview with Ars Technica. "VPNFilter is still operational. It infects even more devices than we initially thought, and its capabilities are far in excess of what we initially thought. People need to get it off their network."

The FBI declined to comment on the report or say how effective its efforts to fight the botnet were.

Talos also found that the malware has affected more routers from ASUS , D-Link , Huawei , Ubiquiti, UPVEL and ZTE . New devices from previously affected vendors include Linksys , MikroTik, Netgear and TP-Link, according to the firm.

Cisco Talos didn't respond to a request for comment.

Here's what you can do to get rid of VPNFilter malware.

First published Jun. 6, 3:12 p.m. PT:
Update, Jun. 7 2:34 p.m.: Adds that the FBI declined to comment.

CNET's Laura Hautala contributed to this report.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night. 

Special Reports: CNET's in-depth features in one place.