Hi All I'm told that the local WISP operator community is dealing with a new worm[1] that exploits Ubiquiti AirOS devices running older firmwares. This could potentially be a lot of devices. http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-U... has ISPs from Spain, Brasil, and the US reporting infections in thelast 24 hours. Versions prior to these are vulnerable: 5.5.11 XM/TI. 5.5.10u2 XW 5.6.2 XW/XM/TI There looks to be some more information here which might or might not be related. https://hackerone.com/reports/73491 If you know anyone who makes use of UBNT AirOS products, now might be a time to give them a nudge. [1] quote from the forums "It's a self-distributing virus, so, once it can "see" neighbour antenas within the same subnet, it attacks the others."
don't know if this is related but over the few days I'm getting attacked by ips from Spain, Brazil e.g. : 132.255.108.239 - - [16/May/2016:01:19:18 -0700] "GET / HTTP/1.1" 302 411 "-" "curl/7.17.1 (mips-unknown-linux-gnu) libcurl/7.17.1 OpenSSL/0.9.8i zlib/1.2.3"
participants (2)
-
bigalownz -
Dean Pemberton