So we have this customer who experienced a ferocious malware, still waiting on more details from the customer, its very interesting because it crossed multiple platforms. multiple cell phones, a satellite DVR, a PC etc. Im not sure how he verified infection, but he did have to factory his phones, his PC he said required a hard drive replacement (not sure what or who decided this) not sure how the satellite DVR was mitigated. He thinks it came from a Rise Broadband (formerly Prairie Inet ESSID (I doubt this, the ESSIDs prairie inet ran were open, with other security for the access) With it being as cross platform as it was im wondering how i would check the air router we provide to see if it got hit as well. All we do is a dump file on the current firmware that sets a password, ensures 443 is open, sets a DMZ to an IP out of the DHCP scope, and we manually set the ESSID with WPA2, the key being the MAC on the label ( it think this is the WLAN) (we disable snmp, telnet, but leave ssh open), we also turn off CDP and the ubnt discovery
Im hoping he has some good info on what this actually was, and its not just a case of his buddy jim telling him all this. Anybody know of something in the wild capable of hitting all these devices across a network (wired/wireless) Im asking about the airrrouter in particular, considering if it were impacted, that could be a mess at the POP since most customer NAT are in the same subnet, with duplicate configs -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
