26 Mar
2018
26 Mar
'18
8:18 p.m.
When you know who owns one of the above systems,
please advise them that their router is
compromised and that they have to update it.
As it seems now, updating will also remove the worm,
but in my opinion it is safer to cleanly
re-install it using netinstall and restore your backed-up configuration.
(you make backups, don't you??)
In the message I used the word "router" a couple of times, but it does not
matter if it is a router or WiFi device,
they all run the same software. When your device is on the above list, it has already
been compromised.
(probably at least one device on AMPRnet has been infected from internet and now it is
infecting other devices
inside AMPRnet, so you can be affected even when you have no internet access at all)
However, the good news is that it appears that updating the RouterOS to 6.40.6 (bugfix) or
6.41.3 (current)
is going to render the worm ineffective, it appears there is no real need to netinstall.
When you have internet access, updating is a simple matter of clicking "check for
updates" in the
system->packages menu, select "current" or "bugfix" channel and
click "download&install".
Of course this does not work when you have no internet access, but then you can still
download the desired
npk files from mikrotik.com, upload them in the device and reboot.
Rob