<p dir="ltr">Hi Phil</p>
<p dir="ltr">Thank you for sharing this. Have fowarded to some folk i know use those boxes...</p>
<p dir="ltr">Noah</p>
<div class="gmail_quote">On 15 May 2016 10:08, "Phil Regnauld" <<a href="mailto:regnauld@nsrc.org">regnauld@nsrc.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Forwarding this from a colleague. The reference to the PHP exploit could<br>
be related, but either way, it's happening now.<br>
<br>
- - - -<br>
<br>
I'm told that the local WISP operator community is dealing with a new<br>
worm[1] that exploits Ubiquiti AirOS devices running older firmwares.<br>
This could potentially be a lot of devices.<br>
<br>
<a href="http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940" rel="noreferrer" target="_blank">http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940</a><br>
has ISPs from Spain, Brasil, and the US reporting infections in the<br>
last 24 hours.<br>
<br>
Versions prior to these are vulnerable:<br>
<br>
5.5.11 XM/TI.<br>
5.5.10u2 XW<br>
5.6.2 XW/XM/TI<br>
<br>
There looks to be some more information here:<br>
<a href="https://hackerone.com/reports/73491" rel="noreferrer" target="_blank">https://hackerone.com/reports/73491</a><br>
<br>
If you know anyone who makes use of UBNT AirOS products, now might be<br>
a time to give them a nudge.<br>
<br>
<br>
[1] quote from the forums "It's a self-distributing virus, so, once it<br>
can "see" neighbour antenas within the same subnet, it attacks the<br>
others."<br>
<br>
- - - -<br>
<br>
<br>
_______________________________________________<br>
afnog mailing list<br>
<a href="https://www.afnog.org/mailman/listinfo/afnog" rel="noreferrer" target="_blank">https://www.afnog.org/mailman/listinfo/afnog</a><br>
</blockquote></div>