Ubiquiti Customers:

https://threatpost.com/ubiquiti-networks-gear-targeted-by-worm/118185/

http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940

“the worm is exploiting a known vulnerabilities in the AirOS firmware (5.6.2 or older) that was patched early last year. It is urging customers that haven’t already, to update their firmware.”





ISP equipment maker Ubiquiti Networks is fending off a stubborn worm targeting its networking equipment running outdated AirOS firmware. According to security experts, the worm is already being blamed for crippling networking gear in the Argentina, Brazil, Spain and the United States. Ubiquiti confirmed the infection via a user forum, notifying customers that there are two to three different variants of the worm. The company said the worm is exploiting a known vulnerabilities in the AirOS firmware (5.6.2 or older) that was patched early last year. It is urging customers that haven’t already, to update their firmware.

See more at: Ubiquiti Networks Gear Targeted By Worm https://wp.me/p3AjUX-uKd

“The problem is, nobody patched their systems,” said Nico Waisman, vice president of security company Immunity. Waisman has been tracking this worm from its first reported attack on Sunday. He said the worm is quickly wending its way to infect companies that rely on Ubiquiti’s networking platform that include ISPs, hotels, universities, and military customers. “It’s infecting a lot of machines,” Waisman said. “There are a considerable amount of desperate people having to reconfigure dozens and dozens of devices.” The worm is peculiar for a number of different reasons. For starters, impacted Ubiquiti hardware is not left unusable. Rather, in most cases the worm simply strips hardware of any preexisting configuration settings and reverts it to its factory default condition. Targeted hardware includes airMAX M, airMAX AC, ToughSwitch, airGateway and airFiber. The worm also has a profane name and removes the username and password on infected systems and replaces it with its own profane username. According to Matt Hardy, head of security for Ubiquiti, the worm only impacts poorly configured networks that are using hardware that has not been updated. He said, Ubiquiti released the patch “quietly” in 2015 for a vulnerability that was found through the company’s bug bounty program. Hardy told Threatpost that on Sunday when Ubiquiti learned attackers released a worm that took advantage of the old vulnerability it created a removal tool. Since Sunday, Hardy said, he is aware of only a handful of companies impacted by the worm.

See more at: Ubiquiti Networks Gear Targeted By Worm https://wp.me/p3AjUX-uKd

___________________________________________

Secure, Business Grade Global Web Hosting

LiquidLayer Web Hosting
http://www.liquidlayer.net