i would put this like that:
Using all means provided by RouterOS to protect itself it is impossible to execute 3rd party malicious code on it.
can you tell us more about what Mikrotik does to minimize the possibility that it executes malicious code?
i would also say that it's unlikely that this happens, but to say it's impossible is really unprofessional.
I'm working as a security analyst for some time and have seen some crazy of compromised systems.
There is no system in th world about you can say it's 100% secure. Ok all systems can be 100% but you need to unplug the power cable to secure it
you can say there is no known vulnerability, the system have multiple layers to mitigate intrusions. but than tell us more about that.
what gcs is describing sound more like some "usual" infection used for sending spam and such stuff. If seen a lot of compromised linux based boxes in my life getting abused for such activity. But during forensics it usually turned out they got hacked via known and not patched vulnerabilities.
It's unlikely that those bad guys spend a lot of time to find a vulnerability to compromise systems with the (spam)-bots especially if the possible count of targets is very low. they just interested in the count of infected hosts.
some questions at gcs
1. is really everything disconnected ?
2. it could be that you configured (by accident) a socks proxy which is open for the world?
3. are you running something inside metarouter what could be compromised?
please don't just say something stupid like "RouterOS can not be infected." even if this is unlikely it's worth to investigate so you should help the user to find the problem. if it's just something like a open socksproxy we're all happy. if there is really the unlikely case that someone have a 0day exploited for routeros and use it just to send spam you should be really interested in find it as soon as possible.
9-5 Job: Securityanalyst at a major MSSP.
Free time volunteer: Networkadmin and founder at a small non-profit WISP.
Certifications: ITILv3, GCIA