New Member
Posts: 9
Registered: ‎04-03-2014
Kudos: 3

Re: Virus attack - URGENT @UBNT

If the virus changes my password and username, how can I fix it?

Emerging Member
Posts: 46
Registered: ‎09-16-2013
Kudos: 3

Re: Virus attack - URGENT @UBNT

Will those who use legacy products, for example Nanostation NS2 or Bullet 2 HP, get an update?

Thanks

New Member
Posts: 14
Registered: ‎06-23-2013
Kudos: 3

Re: Virus attack - URGENT @UBNT

Can anyone confirm that if you upgrade using TFTP, all custom scripts will be removed, thus removing all traces of the virus?

New Member
Posts: 7
Registered: ‎08-08-2011

Re: Virus attack - URGENT @UBNT

Does the virus only attack radios with the default password?

Is there an IP or ports to block on the firewall to prevent this?

New Member
Posts: 9
Registered: ‎04-03-2014
Kudos: 3

Re: Virus attack - URGENT @UBNT

The virus uses a vulnerability in some protocols, so:

Block ports 80, 443 and 22 on the firewall.

Also, you can't upgrade to solve it because the virus uses all the free memory, so you need to clean it first and then upgrade.

Deleted Account
Posts: 0

Re: Virus attack - URGENT @UBNT

Does the virus only attack radios with the default password?

That's a stupid question. If you're using the default password then you need to find a new job!

Block ports 80, 443 and 22 on the firewall.

You should not allow ANY REMOTE connections! People, it's a dangerous world we live in. Wake up!

New Member
Posts: 4
Registered: ‎05-14-2016
Kudos: 4

Re: Virus attack - URGENT @UBNT

Hello,

I am sharing some scripts that ran on the network to identify and remove the files from the device; to prevent new infections, I am changing the HTTP port.

Later we will upgrade the equipment. To help people, I'm providing it on GitHub.

You can change it and contribute ideas or ways to automate what I am providing.

As an idea to be contributed, we could have a way to identify the version and send the updated firmware. If someone has such a script on hand, please contribute without fear.

https://github.com/diegocanton/remove_ubnt_mf

Established Member
Posts: 2,399
Registered: ‎06-04-2008
Kudos: 523
Solutions: 6

Re: Virus attack - URGENT @UBNT


mseeEngineer wrote:
Does the virus only attack radios with the default password?

That's a stupid question. If you're using the default password then you need to find a new job!

Block ports 80, 443 and 22 on the firewall.

You should not allow ANY REMOTE connections! People, it's a dangerous world we live in. Wake up!


Would you not break NAT?

New Member
Posts: 6
Registered: ‎10-24-2013

Re: Virus attack - URGENT @UBNT

It appears that this virus is initiating some sort of denial of service attack on our network. This makes it very hard to log in via SSH, and it is occurring along with the inability to access modem interfaces, custom script enabled, etc. We are getting ready to dispatch field technicians to reset and upgrade customer modems.

Can anyone confirm that a factory reset and firmware update to 5.6.2 or 5.6.4 will purge the virus?

Established Member
Posts: 1,420
Registered: ‎05-18-2011
Kudos: 505
Solutions: 109
Contributions: 2

Re: Virus attack - URGENT @UBNT

Please read the whole thread before posting...

Ubiquiti Employee
Posts: 7,506
Registered: ‎11-27-2012
Kudos: 1967
Solutions: 478
Contributions: 73

Re: Virus attack - URGENT @UBNT

Hi everyone,

Updating this post to point to the most up-to-date info in the airMAX Blog.

http://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/b...

EDIT: Added updated removal tool v1.0

Emerging Member
Posts: 46
Registered: ‎09-16-2013
Kudos: 3

Re: Virus attack - URGENT @UBNT

Hi, will those who use legacy products, for example Nanostation NS2 or Bullet 2 HP, get an update?

Thanks

Ubiquiti Employee
Posts: 7,506
Registered: ‎11-27-2012
Kudos: 1967
Solutions: 478
Contributions: 73

Re: Virus attack - URGENT @UBNT


mdassilva wrote:

Hi, will those who use legacy products, for example Nanostation NS2 or Bullet 2 HP, get an update?

Thanks


Legacy products were updated last year.  If you are using 4.04, you are protected against this exploit.

New Member
Posts: 7
Registered: ‎08-08-2011

Re: Virus attack - URGENT @UBNT

Of course I am not using the default pw.

Roll Eyes (Sarcastic)

Emerging Member
Posts: 46
Registered: ‎09-16-2013
Kudos: 3

Re: Virus attack - URGENT @UBNT

On my devices I found a folder `https`; in this latest version, would that be a problem, or is it because they use a port other than 80?

Thanks

Maison

Ubiquiti Employee
Posts: 7,506
Registered: ‎11-27-2012
Kudos: 1967
Solutions: 478
Contributions: 73

Re: Virus attack - URGENT @UBNT


Niex wrote:

Of course I am not using the default pw.

Roll Eyes (Sarcastic)


This particular exploit bypasses password authentication.

New Member
Posts: 19
Registered: ‎09-06-2009

Re: Virus attack - URGENT @UBNT

We got around 800 devices reset to default... also with firmware 5.6.4

New Member
Posts: 25
Registered: ‎01-21-2010
Kudos: 3

Re: Virus attack - URGENT @UBNT

Hi James

I'm running 5.6.2 on all my devices, do I need to upgrade to 5.6.4 or am I ok? I also have ports 80, 443, 22 and 23 blocked at the mason router. Thanks.

Ubiquiti Employee
Posts: 7,506
Registered: ‎11-27-2012
Kudos: 1967
Solutions: 478
Contributions: 73

Re: Virus attack - URGENT @UBNT


ivanbon wrote:

We got around 800 devices reset to default... also with firmware 5.6.4


Are all devices that are reset on 5.6.4 or only some?

Are all radios using the same user/pass?

New Member
Posts: 19
Registered: ‎09-06-2009

Re: Virus attack - URGENT @UBNT

Only some got 5.6.4... most of them got 5.5.10 because our reseller still ships them to us with that firmware

and yes... we have 2-3 standard installation passwords, so pretty sure they have the same pass