Member
Posts: 102
Registered: ‎12-11-2014
Kudos: 22
Solutions: 4

Malware detected...

Hey all.

We operate a WISP with just over 1,000 clients and try to keep our firmware up to date, as we had a run-in with the MF virus back in 2016, I think it was. We had an airControl scan detect 7 infections earlier today and were able to clean / locate 3 of the devices. The 4 other devices detected did not show to be cleaned, but a second detection did not show the other 4 after the 3 mentioned below were cleaned.

 

These were the devices that were infected / cleaned and the firmware that they are / were running at the time we found the infections:

192.168.x.x - (Version:v6.1.7-beta4.32508 (XM)) - NanoBridge M900
192.168.x.x - (Version:v6.1.6 (XM)) - Rocket M900
192.168.x.x - (Version:v6.1.7-beta2.32407 (XW)) - PBE-M5-620

The above are in three different geographic areas of our network. We were wanting to find out if anyone else has seen any malware in their network recently. We did check the logs on the 3 mentioned devices and didn't notice anything odd. We wanted to let the community know. We have downloaded the .SUP files for the 3 devices in case UBNT support wants to look them over.

Thanks!

Ubiquiti Employee
Posts: 11,321
Registered: ‎11-27-2012
Kudos: 3569
Solutions: 737
Contributions: 73

Re: Malware detected...

Are you running any custom scripts on these radios?

Could you send over the .sups to james@ubnt.com and include a reference to this thread?

I would also try logging into any suspect devices via SSH and list the contents of:

ls -al /etc/persistent/

Ubiquiti Networks airMAX Support Team

Member

Re: Malware detected...

We don't run any customer scripts in the network. I will email those .Sup files over right away and we will try to SSH into the three devices we know were affected and run the command. Thanks, James!

Ubiquiti Employee

Re: Malware detected...


@TCILarry wrote:

We don't run any customer scripts in the network. I will email those .Sup files over right away and we will try to SSH into the three devices we know were affected and run the command. Thanks, James!


I didn't see anything suspicious in the .sup files. I added a note on your ticket as well.


Member

Re: Malware detected...

We have another radio we suspected, which we immediately ACL-blocked from our tower. We're going today to change the radio out and recover the old unit. Once we get it back to the office I will unplug it from the network and do the testing. Update soon. Thanks again.
