Symantec has developed VPNFilter Check, a free online tool to help individuals and organisations quickly determine if their router might have been compromised by the VPNFilter malware. More precisely, VPNFilter Check ascertains if traffic into either a home or corporate network is being altered by an infected router. "This malware is unlike most other IoT threats because it is capable of maintaining a persistent presence on an infected device, even after a reboot," said Stephen Trilling, senior vice president and general manager, security analytics and research, Symantec. "Symantec's online VPNFilter Check tool provides individuals and organizations with an easy way to determine if their routers have been compromised by this threat, and suggests steps they can take if infected."
Antivirus industry veteran Vesselin Bontchev told
El Reg that the tool detects if VPNFilter is messing with a connection without providing confirmation whether or not an IoT device is infected. "It won't detect VPNFilter in the router in general, it will only detect if something is messing with the HTTPS connection," Bontchev
explained. "One component of VPNFilter (which is not always present) can do that. If it is there and if it is active, the degrading of HTTPS to HTTP that it performs will be detected."