All of the hosts I can control in 44.34/21 have been updated this evening.
Please let me know if you notice any other troublemakers there. Thanks for
the report.

On Mon, Mar 26, 2018, 2:20 PM Rob Janssen <pe1chl(a)amsat.org> wrote:

When you know who owns one of the above systems, please advise them
that their router is compromised and that they have to update it.
As it seems now, updating will also remove the worm, but in my opinion
it is safer to cleanly re-install it using netinstall and restore your
backed-up configuration.
(you make backups, don't you??)

In the message I used the word "router" a couple of times, but it does not
matter if it is a router or WiFi device,
they all run the same software. When your device is on the above list,
it has already been compromised.
(probably at least one device on AMPRnet has been infected from internet
and now it is infecting other devices
inside AMPRnet, so you can be affected even when you have no internet
access at all)

However, the good news is that it appears that updating the RouterOS to
6.40.6 (bugfix) or 6.41.3 (current)
is going to render the worm ineffective; it appears there is no real need
to netinstall.
When you have internet access, updating is a simple matter of clicking
"check for updates" in the system->packages menu, select "current" or
"bugfix" channel and click "download&install".
Of course this does not work when you have no internet access, but then
you can still download the desired npk files from mikrotik.com, upload
them in the device and reboot.

Rob
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net