All of the hosts I can control in 44.34/21 have been updated this evening. Please let me know if you notice any other troublemakers there. Thanks for the report.
On Mon, Mar 26, 2018, 2:20 PM Rob Janssen pe1chl@amsat.org wrote:
When you know who owns one of the above systems, please advise them that their router is compromised and that they have to update it.
As it seems now, updating will also remove the worm, but in my opinion it is safer to cleanly re-install it using netinstall and restore your backed-up configuration. (you make backups, don't you??)
In the message I used the word "router" a couple of times, but it does not matter if it is a router or WiFi device; they all run the same software. When your device is on the above list, it has already been compromised. (probably at least one device on AMPRnet has been infected from the internet and now it is infecting other devices inside AMPRnet, so you can be affected even when you have no internet access at all)
However, the good news is that it appears that updating the RouterOS to 6.40.6 (bugfix) or 6.41.3 (current) is going to render the worm ineffective; it appears there is no real need to netinstall.
When you have internet access, updating is a simple matter of clicking "check for updates" in the system->packages menu, selecting the "current" or "bugfix" channel and clicking "download&install". Of course this does not work when you have no internet access, but then you can still download the desired npk files from mikrotik.com, upload them to the device and reboot.
Rob
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net