Is everyone aware of this?
Summary
Self-propagating malware has infected thousands of devices from wireless equipment vendor Ubiquiti Networks running outdated airMAX, TOUGHSwitch, and airGateway firmware. Ubiquiti identified the vulnerability and released a patch in July 2015. We have seen an active outbreak of this virus recently on unpatched Ubiquiti network devices. The recent availability of active exploits and the ease with which they propagate means administrators should consider patching vulnerable systems a high priority. The malware scans for and distributes itself to other vulnerable systems, causing mass infections from the virus.
Technical Details
The virus affects the following Ubiquiti devices. For protection against the virus, devices should be running at least the firmware versions noted. All versions of firmware prior to those listed are vulnerable:
airMAX M (5.5.11 XM/TI, 5.5.10u2 XM, 5.6.2+ XM/XW/TI)
airMAX AC (7.1.3+)
ToughSwitch (1.3.2)
airGateway (1.1.5+)
airFiber (2.2.1+ AF24/AF24HD, 3.0.2.1+ AF5x)
The virus gains access through the device’s Hypertext Transfer Protocol (HTTP) interface and the secured HTTPS variant, and denies access to the device. If the firmware is out of date, it leaves the HTTP and HTTPS interfaces exposed to the Internet, and the virus can access the device. The malware scans for subnets and will distribute itself to other Ubiquiti systems it identifies.
Recommended Steps for Initial Mitigation
Ubiquiti provided update, mitigation, and removal recommendations for this vulnerability in its community forum at
http://community.ubnt.com/t5/airMAX-General-Discussion/Malware-Removal-Tool-05-15-2016/m-p/1564953
http://www.aredn.org/content/virus-vulnerability
Does not affect nodes once loaded with AREDN, only devices running AIROS.
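To check an inventory against the minimum firmware versions listed under Technical Details, the following is an added example, not code from Ubiquiti, AREDN or the original post. It assumes versions are recorded as plain dotted strings as written in the advisory (for example 5.5.10u2), reads the three airMAX M entries as per-branch fixes, and uses a constructed inventory; the function names are hypothetical.

```python
import re

# Minimum patched versions copied from the advisory's list.
MIN_PATCHED = {
    "airMAX AC": "7.1.3", "ToughSwitch": "1.3.2", "airGateway": "1.1.5",
    "airFiber AF24": "2.2.1", "airFiber AF24HD": "2.2.1", "airFiber AF5x": "3.0.2.1",
}
# Assumption: the airMAX M entries are per-branch fixes. Within 5.5.x the fix
# depends on the board; 5.6.2 and later is patched on XM, XW and TI.
AIRMAX_M_55_FIX = {"XM": "5.5.10u2", "TI": "5.5.11"}

def parse_version(text):
    """'5.5.10u2' -> ((5, 5, 10), 2); a missing 'uN' suffix counts as update 0."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:u(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def is_vulnerable(family, version, board=None):
    """True when the firmware is older than the patched level for its family."""
    v = parse_version(version)
    if family == "airMAX M":
        if v >= parse_version("5.6.2"):
            return False
        fix = AIRMAX_M_55_FIX.get(board)
        if v[0][:2] == (5, 5) and fix:
            return v < parse_version(fix)
        return True  # 5.6.0/5.6.1, pre-5.5 builds, or a board with no 5.5.x fix
    if family not in MIN_PATCHED:
        raise ValueError(f"family not covered by the advisory: {family!r}")
    return v < parse_version(MIN_PATCHED[family])

# Constructed inventory (documentation addresses), not real devices.
INVENTORY = [
    ("192.0.2.10", "airMAX M", "5.5.10", "XM"),
    ("192.0.2.11", "airMAX M", "5.5.10u2", "XM"),
    ("192.0.2.12", "airMAX M", "5.6.1", "XW"),
    ("192.0.2.13", "airMAX AC", "7.1.3", None),
    ("192.0.2.14", "airFiber AF5x", "3.0.2", None),
    ("192.0.2.15", "ToughSwitch", "1.3.2", None),
]

def audit(inventory):
    """Return the hosts whose firmware is below the patched level."""
    return [h for h, fam, ver, board in inventory if is_vulnerable(fam, ver, board)]

if __name__ == "__main__":
    for host in audit(INVENTORY):
        print("needs firmware update:", host)
```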