New Member
Posts: 3
Registered: ‎05-17-2016

Legacy and AF5x still infected

Dear UBNT Support

 

we have probably 200 to 300 infected devices on our network (total 1.000 users)


tonight we were able to remove the malware from a first PowerBeam M5-300, using the new tool version 0.8:

http://www.ubnt.com/downloads/XN-fw-internal/tools/CureMalware-0.8.jar

(and prior to that, a factory reset, which worked)

the customer got his cpe back at midnight and has already reinstalled it



Questions:

a) which tool can we use for cleanup of a legacy Bullet5?

we fear we have >80 infected Bullet5 and also maybe 20 Nanostation5 (same firmware if I remember right)

The Nanostation5 was the breakthrough product that convinced us in 2008 to start deploying Ubiquiti CPEs. We still have hundred pieces on net.

I also think that with older Bullet5 and Nanostation5, the POE PSU reset button is not recognized, it was a newer feature, so we have to climb on each customer's roof, that could be a real nightmare!



b) which tool can we use for cleanup of an AirFiber5x?

we have two infected AF5x too

none of them is answering to a local ping or a local ssh access attempt, both link sides are affected, neither on the assigned IP nor on the factory IP (192.168.1.20), no answer at all

on the 24V high-power AF5x POE PSU I can't see a factory reset button; should we climb on two towers for that? or could we use a standard 24V 1A Gigabit POE PSU with reset button, and the AF5x will recognize the remote reset?


behind that nonworking AF5x link (not exposed to Internet, but still infected, even if NO other device on that subnet is infected, that's really strange I think) we have 50 clients; when the link works again, we will know how many of those customers are working and how many are infected.


Thank you for your advice.

Best regards

Francesco

Ubiquiti Employee
Posts: 7,588
Registered: ‎11-27-2012
Kudos: 2007
Solutions: 483
Contributions: 73

Re: Virus! Official real statement please!


Sending you an email @Francesco772

New Member
Posts: 7
Registered: ‎05-19-2016

Re: Virus! Official real statement please!

Hi @UBNT-James. It seems we are experiencing similar problems with our AF5 and AF5X. Can I get that email as well?

New Member
Posts: 2
Registered: ‎03-30-2014

Re: Virus! Official real statement please!

Email me as well. Same issue.

New Member
Posts: 4
Registered: ‎03-13-2015
Kudos: 3

Re: Legacy and AF5x still infected

@UBNT-James we have a few NSM5's that are affected as well. I'd appreciate an email. In particular, I'd like to know the attack vector used.