Ubiquiti AirOS routers targeted by destructive worm


Ubiquiti is warning of malware that targets its network devices running vulnerable firmware. The worm infects a device, creates an account on it, and then goes on to target more devices within the same subnet.

The attacks affect the following Ubiquiti devices running outdated firmware:

  • airMAX M
  • airMAX AC
  • airOS 802.11G
  • ToughSwitch
  • airGateway
  • airFiber

Ubiquiti has released a new patch to fix this vulnerability, but because many companies do not have sound security practices in place, some Ubiquiti devices are still vulnerable. Symantec security researchers have published more technical details about this malware.

According to Symantec, the worm tries to connect to the targeted device over HTTP or HTTPS, then copies itself to the remote device and installs a backdoor with a new user account. The malware does not stop there: it also prevents the administrator from logging in to the device by adding iptables rules that block the web interface on the infected device.
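The two traces described above (an added account and iptables rules blocking the web interface) can be checked for in data collected from a device. The following is an added example, not code from Ubiquiti or Symantec; it assumes the rules are in `iptables -S` / `iptables-save` syntax on the INPUT chain, that the web interface uses ports 80 and 443, and that the account baseline `{"admin"}` and all sample data are constructed placeholders.

```python
import shlex

WEB_PORTS = {80, 443}            # assumed default HTTP/HTTPS management ports
BLOCKING = {"DROP", "REJECT"}


def _ports(spec):
    """Expand an iptables port spec such as '443', '80,443' or '80:443'."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def blocked_web_rules(rules_text):
    """Return INPUT rules that DROP/REJECT TCP traffic to the web interface.

    Negation ('!') is not interpreted, so a negated match is still
    reported and should be reviewed by hand.
    """
    hits = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        # Map each option to the token that follows it (-p tcp, -j DROP, ...).
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1)
               if tok[i].startswith("-")}
        spec = opt.get("--dport") or opt.get("--dports")
        if (opt.get("-j") in BLOCKING and opt.get("-p") == "tcp"
                and spec and _ports(spec) & WEB_PORTS):
            hits.append(line.strip())
    return hits


def unexpected_accounts(passwd_text, expected):
    """Return account names in passwd-format text missing from the baseline."""
    names = [l.split(":", 1)[0] for l in passwd_text.splitlines()
             if l.strip() and not l.startswith("#")]
    return [n for n in names if n not in expected]


# Constructed sample data, not captured from a real device.
SAMPLE_RULES = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -p tcp -m multiport --dports 443,8443 -j REJECT
COMMIT
"""
SAMPLE_PASSWD = "admin:x:0:0::/root:/bin/sh\nexample-added-user:x:0:0::/root:/bin/sh\n"
```

A device that reports either kind of finding should be compared against its known-good configuration before it is returned to service.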

If you are using one of the listed devices, Ubiquiti Networks has released a tool to remove the worm, which you can find here: http://community.ubnt.com/t5/airMAX-General-Discussion/.