Linux variant worm affects Ubuquiti routers and radios

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View

Foul-mouthed worm takes control of wireless ISPs around the globe
Active attack targets Internet-connected radios from Ubiquiti Networks.

http://arstechnica.com/security/2016/05/foul-mouthed-worm-takes-control-of-
wireless-isps-around-the-globe/


 Risk Assessment / Security & Hacktivism
Foul-mouthed worm takes control of wireless ISPs around the globe
Active attack targets Internet-connected radios from Ubiquiti Networks.

ISPs around the world are being attacked by self-replicating malware that  
can take complete control of widely used wireless networking equipment,  
according to reports from customers and a security researcher who is  
following the ongoing campaign.

San Jose, California-based Ubiquiti Networks confirmed on Friday that  
attackers are actively targeting a flaw in AirOS, the Linux-based firmware  
that runs the wireless routers, access points, and other gear sold by the  
company. The vulnerability, which allows attackers to gain access to the  
devices over HTTP and HTTPS connections without authenticating themselves,  
was patched last July, but the fix wasn't widely installed. Many customers  
claimed they never received notification of the threat.

Nico Waisman, a researcher at security firm Immunity, said he knows of two  
Argentina-based ISPs that went dark for two days after being hit by the  
worm. He said he's seen credible reports of ISPs in Spain and Brazil being  
infected by the same malware and that it's likely that ISPs in the US and  
elsewhere were also hit, since the exploit has no geographic restrictions.  
Once successful, the exploit he examined replaces the password files of an  
infected device and then scans the network it's on for other vulnerable  
gear. After a certain amount of time, the worm resets infected devices to  
their factory default configurations, with the exception of leaving behind  
a backdoor account, and then disappears. Ubiquiti officials have said  
there are at least two variations, so it's possible that other strains  
behave differently.


Re: Linux variant worm affects Ubuquiti routers and radios


Quoted text here. Click to load it

hjkiiggg

Site Timeline