Community discussions

Search found 10 matches

by random12
Fri Mar 30, 2018 12:28 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40143

Re: Urgent security advisory

OK, maybe I can say it in some other way. 1) Upgrade to 6.38.5 fixes the botnet scanner and removes it. 2) Upgrade to 6.41.3 fixes SMB vulnerability. This topic is about #1, but you don't seem to have this issue at all, you have some other files in your system. Let me tell you how I see if from the...
by random12
Thu Mar 29, 2018 5:53 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40143

Re: Urgent security advisory

but how do you have access to internals of Mikrotik? Is it official way or not? It's 100% official. No hacking at all. That's all that I can say for now. If not, then I should agrre with Normis that you device is not the representative example for the problem. I could agree that maybe you have exam...
by random12
Thu Mar 29, 2018 5:32 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40143

Re: Urgent security advisory

You are mixing up two different topics! Botnet is discussed here.


Keep calm and don't use exclamation signs while talking to the customer.

It's more than related: since "the botnet issue" has started we detected malicious activity on our Mikrotiks.
by random12
Thu Mar 29, 2018 5:19 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40143

Re: Urgent security advisory

Those are not "people" but one person who has already hacked his device himself. You can ignore him, his instructions can't be done by others. As you may understand it was done because we could get a proper answer from support. There is only one thing needed to determine if you are vulnerable = upg...
by random12
Thu Mar 29, 2018 4:57 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40143

Re: Urgent security advisory

You are right, this is some other tool. We fixed this one in v6.41 only. This is why upgrading to LATEST version is important. Your scanner has been stopped, but the .info process was not deleted. Upgrade to LATEST should fix also that one. I suggest you edit the very first message in the thread an...
by random12
Thu Mar 29, 2018 1:51 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40143

Re: Urgent security advisory

Image

This screen clearly shows me version 6.40.5 (that is not vulnerable as you say us) with "/rw/info" and "/ram/.info" processes in memory.

Are you telling me that it's all safe now?
by random12
Thu Mar 29, 2018 1:41 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40143

Re: Urgent security advisory

These are leftover files. They don't do anything. This is not the program itself, only some remaining things it created. You can delete those if you like, but the device is no longer "infected" as you say Really? How can you understand it? What's inside this "/rw/info" file? What's about those "/ra...
by random12
Thu Mar 29, 2018 12:06 am
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40143

Re: Urgent security advisory

Hi again, We have a bunch of Mikrotiks with OS version higher than vulnerable one but all of them are still infected. Even after "update FW" -> "reboot" -> "change password". https://i.imgur.com/RYF7XrG.png https://i.imgur.com/zFpOcIp.png https://i.imgur.com/X9cZDNw.png https://i.imgur.com/lr5HBt9.p...
by random12
Wed Mar 28, 2018 7:26 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40143

Re: Urgent security advisory

Not sure if you are aware but there is a complete instruction - https://github.com/BigNerd95/Chimay-Red
by random12
Wed Mar 28, 2018 7:23 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40143

Re: Urgent security advisory

Hi, Seems that we are having strange processes even after upgrade to version 6.41.3. Could you please post the complete instructions what to check in config or filesystem if we had malicious processes before the upgrade and after upgrade to 6.41.3? Are there any kind of startup scripts what should b...