[AusNOG] Fwd: [SANOG] Ubiquiti AirOS/AirMax worm in the wild

Ben Hohnke settra+ausnog at gmail.com
Sun May 15 17:37:48 EST 2016


There are people on that forum running these radios with public addressing -
I'm assuming with poor firewalling also (considering the fact that they got
infected). The affected firmware is 12-18 months old.
I reckon if you're running radios accessible from the internet, with old
software, you're asking to get compromised.

Ben

On Sun, May 15, 2016 at 5:08 PM Skeeve Stevens <
skeeve+ausnog at eintellegonetworks.com> wrote:

> Oh oh,
>
> ...Skeeve
>
> *Skeeve Stevens - Founder & The Architect* - eintellego Networks Pty Ltd
> Email: skeeve at eintellegonetworks.com ; Web: eintellegonetworks.com
>
> Cell +61 (0)414 753 383 ; Skype: skeeve ; LinkedIn: /in/skeeve
> <http://linkedin.com/in/skeeve> ; Expert360: Profile
> <https://expert360.com/profile/d54a9> ; Keybase: https://keybase.io/skeeve
>
> ---------- Forwarded message ----------
> From: Phil Regnauld <regnauld at nsrc.org>
> Date: Sun, May 15, 2016 at 4:59 PM
> Subject: [SANOG] Ubiquiti AirOS/AirMax worm in the wild
> To: sanog at sanog.org
>
>
> Forwarding this from a colleague. The reference to the PHP exploit could
> be related, but either way, it's happening now.
>
> - - - -
>
> I'm told that the local WISP operator community is dealing with a new
> worm[1] that exploits Ubiquiti AirOS devices running older firmwares.
> This could potentially be a lot of devices.
>
>
> http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940
> has ISPs from Spain, Brazil, and the US reporting infections in the
> last 24 hours.
>
> Versions prior to these are vulnerable:
>
> 5.5.11 XM/TI.
> 5.5.10u2 XW
> 5.6.2 XW/XM/TI
>
> There looks to be some more information here:
> https://hackerone.com/reports/73491
>
> If you know anyone who makes use of UBNT AirOS products, now might be
> a time to give them a nudge.
>
>
> [1] quote from the forums "It's a self-distributing virus, so, once it
> can "see" neighbour antennas within the same subnet, it attacks the
> others."
>
> - - - -
>
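
Added example, not part of the original thread and not Ubiquiti tooling: a Python check that flags inventory entries older than the fixed releases listed in the forwarded message. It assumes each listed release is the fix for its own major.minor branch and that the inventory supplies platform (XM/XW/TI) and version as separate fields; the hosts and versions in SAMPLE are constructed.

```python
import re

# Fixed releases per platform, as listed in the forwarded message.
FIXED = {
    "XM": ["5.5.11", "5.6.2"],
    "TI": ["5.5.11", "5.6.2"],
    "XW": ["5.5.10u2", "5.6.2"],
}
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:u(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Turn '5.5.10u2' into (5, 5, 10, 2); a missing 'uN' counts as 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_vulnerable(platform, version):
    """True/False for a listed platform, None if the platform is not listed."""
    fixed = FIXED.get(platform.strip().upper())
    if fixed is None:
        return None
    have = parse_version(version)
    releases = sorted(parse_version(f) for f in fixed)
    # Assumption: each listed release is the fix for its own major.minor branch.
    for release in releases:
        if release[:2] == have[:2]:
            return have < release
    # No listed fix on this branch: vulnerable only if older than all of them.
    return have < releases[0]

def audit(inventory):
    """Return (host, platform, version, action) for every host not known good."""
    findings = []
    for host, platform, version in inventory:
        try:
            verdict = is_vulnerable(platform, version)
        except ValueError:
            verdict = None  # unparseable version string
        if verdict is not False:
            action = "UPGRADE" if verdict else "CHECK MANUALLY"
            findings.append((host, platform, version, action))
    return findings

# Constructed inventory: documentation addresses and made-up versions.
SAMPLE = [("192.0.2.10", "XM", "5.5.6"), ("192.0.2.11", "XW", "5.5.10u2"),
          ("192.0.2.12", "XW", "5.6.1"), ("192.0.2.13", "TI", "5.6.2"),
          ("192.0.2.14", "AC", "unknown")]
```

Calling audit(SAMPLE) returns only the hosts that need an upgrade or a manual look; platforms not named in the message are reported as "CHECK MANUALLY" rather than assumed safe.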