---------- Forwarded message ---------- From: "Phil Regnauld" <regnauld@nsrc.org> Date: May 15, 2016 10:05 AM Subject: [afnog] Ubiquiti AirOS/AirMax worm in the wild To: <afnog@afnog.org> Cc: Forwarding this from a colleague. The reference to the PHP exploit could be related, but either way, it's happening now. - - - - I'm told that the local WISP operator community is dealing with a new worm[1] that exploits Ubiquiti AirOS devices running older firmwares. This could potentially be a lot of devices. http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-U... has ISPs from Spain, Brasil, and the US reporting infections in the last 24 hours. Versions prior to these are vulnerable: 5.5.11 XM/TI. 5.5.10u2 XW 5.6.2 XW/XM/TI There looks to be some more information here: https://hackerone.com/reports/73491 If you know anyone who makes use of UBNT AirOS products, now might be a time to give them a nudge. [1] quote from the forums "It's a self-distributing virus, so, once it can "see" neighbour antenas within the same subnet, it attacks the others." - - - - _______________________________________________ afnog mailing list https://www.afnog.org/mailman/listinfo/afnog