[AusNOG] Fwd: [SANOG] Ubiquiti AirOS/AirMax worm in the wild

Skeeve Stevens skeeve+ausnog at eintellegonetworks.com
Sun May 15 17:07:27 EST 2016


Oh oh,

...Skeeve

*Skeeve Stevens - Founder & The Architect* - eintellego Networks Pty Ltd
Email: skeeve at eintellegonetworks.com ; Web: eintellegonetworks.com

Cell +61 (0)414 753 383 ; Skype: skeeve ; LinkedIn: /in/skeeve
<http://linkedin.com/in/skeeve> ; Expert360: Profile
<https://expert360.com/profile/d54a9> ; Keybase: https://keybase.io/skeeve

---------- Forwarded message ----------
From: Phil Regnauld <regnauld at nsrc.org>
Date: Sun, May 15, 2016 at 4:59 PM
Subject: [SANOG] Ubiquiti AirOS/AirMax worm in the wild
To: sanog at sanog.org


Forwarding this from a colleague. The reference to the PHP exploit could
be related, but either way, it's happening now.

- - - -

I'm told that the local WISP operator community is dealing with a new
worm[1] that exploits Ubiquiti AirOS devices running older firmwares.
This could potentially be a lot of devices.

http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940
has ISPs from Spain, Brazil, and the US reporting infections in the
last 24 hours.

Versions prior to these are vulnerable:

5.5.11 XM/TI
5.5.10u2 XW
5.6.2 XW/XM/TI

There looks to be some more information here:
https://hackerone.com/reports/73491

If you know anyone who makes use of UBNT AirOS products, now might be
a time to give them a nudge.


[1] quote from the forums "It's a self-distributing virus, so, once it
can "see" neighbour antennas within the same subnet, it attacks the
others."

- - - -
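
A triage check for the version list above, as an added example that is not part of the original message: it sorts a device inventory into "upgrade", "ok" and "unknown" by comparing each firmware version with the listed releases. It assumes the three listed releases are the per-platform fixed versions of the 5.5 and 5.6 branches and that platform and version arrive as separate fields; the function names and the inventory rows are constructed for illustration.

```python
import re

# Fixed releases per platform, taken from the list in the message.
# Assumption: each entry is the first fixed release of its 5.5/5.6 branch.
FIXED = {
    "XM": ("5.5.11", "5.6.2"),
    "TI": ("5.5.11", "5.6.2"),
    "XW": ("5.5.10u2", "5.6.2"),
}

def parse_version(text):
    """Turn '5.5.10u2' into (5, 5, 10, 2); a missing 'uN' suffix counts as 0."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:u(\d+))?", text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_vulnerable(platform, version):
    """True if `version` predates the listed release for its platform/branch."""
    try:
        fixed = sorted(parse_version(f) for f in FIXED[platform.upper()])
    except KeyError:
        raise ValueError(f"platform not in the advisory list: {platform!r}")
    ver = parse_version(version)
    for f in fixed:
        if f[:2] == ver[:2]:          # same major.minor branch
            return ver < f
    # Branch not listed: older branches are vulnerable, newer ones are not.
    return ver < fixed[0]

def triage(inventory):
    """Split (host, platform, version) rows into upgrade / ok / unknown lists."""
    result = {"upgrade": [], "ok": [], "unknown": []}
    for host, platform, version in inventory:
        try:
            key = "upgrade" if is_vulnerable(platform, version) else "ok"
        except ValueError:
            key = "unknown"           # review by hand rather than assume safe
        result[key].append(host)
    return result

# Constructed inventory (documentation addresses, made-up firmware levels).
INVENTORY = [
    ("192.0.2.10", "XM", "5.5.10"),
    ("192.0.2.11", "XW", "5.5.10u2"),
    ("192.0.2.12", "XW", "5.6.1"),
    ("192.0.2.13", "TI", "5.6.2"),
    ("192.0.2.14", "XM", "5.3.5"),
    ("192.0.2.15", "XM", "unknown"),
]
```

Devices that land in "unknown" have a platform or version string the check cannot read and need a manual look before being counted as patched.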