Send sanog mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sanog.org/mailman/listinfo/sanog
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of sanog digest..."
Today's Topics:
1. Ubiquiti AirOS/AirMax worm in the wild (Phil Regnauld)
----------------------------------------------------------------------
Message: 1
Date: Sun, 15 May 2016 08:59:29 +0200
From: Phil Regnauld <[email protected]>
To: [email protected]
Subject: [SANOG] Ubiquiti AirOS/AirMax worm in the wild
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=us-ascii
Forwarding this from a colleague. The reference to the PHP exploit could
be related, but either way, it's happening now.
- - - -
I'm told that the local WISP operator community is dealing with a new
worm[1] that exploits Ubiquiti AirOS devices running older firmwares.
This could potentially be a lot of devices.
http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940
has ISPs from Spain, Brasil, and the US reporting infections in the
last 24 hours.
Versions prior to these are vulnerable:
5.5.11 XM/TI.
5.5.10u2 XW
5.6.2 XW/XM/TI
There looks to be some more information here:
https://hackerone.com/reports/73491
If you know anyone who makes use of UBNT AirOS products, now might be
a time to give them a nudge.
[1] quote from the forums "It's a self-distributing virus, so, once it
can "see" neighbour antenas within the same subnet, it attacks the
others."
- - - -
------------------------------
_______________________________________________
sanog mailing list
[email protected]
https://lists.sanog.org/mailman/listinfo/sanog
End of sanog Digest, Vol 52, Issue 4
************************************
