Member Candidate
Topic Author
Posts: 180
Joined: Sat Jul 28, 2012 5:21 pm

Crooks Use Hacked Routers to Aid Cyberheists

Tue Jun 30, 2015 9:54 pm

"Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking Upatre being served from hundreds of compromised home routers — particularly routers powered by MikroTik and Ubiquiti’s AirOS."

“The consistency in which the botnet is communicating with compromised routers in relation to both distribution and communication leads us to believe known vulnerabilities are being exploited in the firmware which allows this to occur.” ... more-31364
Forum Guru
Posts: 7784
Joined: Mon Oct 22, 2012 4:46 pm

Wed Jul 01, 2015 9:29 am

According to the article, it is more or less a question of belief. Maybe the infected computers are just behind those routers, using UPnP to be reachable...
MikroTik Support
Posts: 25223
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Crooks Use Hacked Routers to Aid Cyberheists

Wed Jul 01, 2015 10:05 am

Sounds like FUD. As you well know, MikroTik devices have a firewall by default on the public interface. The article blames use of the default login/password, but this is not true for access from the internet.
Posts: 1569
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA

Re: Crooks Use Hacked Routers to Aid Cyberheists

Sun Jul 12, 2015 3:58 am

It's always possible people are disabling the firewall and not setting the password. Did a write-up on this issue, as it seems to have been more of an issue on the Ubiquiti side, with some actual evidence of the router being used as a distribution point for Dyre: ... e-malware/.
Global - MikroTik Support & Consulting - English | Español | Serbian | Danish +1 855-645-7684 ... consulting
Posts: 42
Joined: Tue Jan 03, 2012 6:35 am
Location: Brisbane, Australia

Crooks Use Hacked Routers to Aid Cyberheists

Sun Jul 12, 2015 6:13 am

I know quickset will generally put a deny-all filter rule on the WAN input if used. But could you also put a security checklist or section for securing router access in quickset too?

Something that might let you specify an admin IP/subnet and then automatically populate firewall rules on all input interfaces permitting that admin address, as well as changing the permitted addresses under 'ip > services' and the various tool discovery interfaces as well?

That way if you want the quick setup path you get the option of a bit more lockdown without having to find and configure the various commands scattered around the interface but if you're more experienced you can still manage the total config yourself without using quickset.

I recognise the type of people who don't know enough about the equipment to research securing it in production will be exactly the type of people who will loudly complain about being "locked out" by a security 'wizard' though.

But handholding in quickset and leaving everything else to the power user otherwise seems the least worst option for a 'can't please everyone all the time' problem.
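
A sketch of the admin-subnet lockdown suggested in the post above, as an added example that is not part of the original thread and is not MikroTik code. The function name, the choice of services to keep or disable, and the 192.0.2.0/24 documentation subnet are assumptions; the generator refuses any plan that would lock out the address applying it, which is the complaint the post anticipates.

```python
import ipaddress

# Assumptions for this example: which management services stay on and which go off.
KEEP = ("ssh", "winbox")
DISABLE = ("telnet", "ftp", "www", "api", "api-ssl")


def lockdown_plan(admin_cidr, session_ip):
    """Return RouterOS commands limiting management access to admin_cidr.

    Raises ValueError when the subnet restricts nothing or when the operator's
    own address (session_ip) falls outside it, i.e. applying would lock them out.
    """
    # strict=False accepts a host address with a mask, e.g. 192.0.2.10/24
    net = ipaddress.ip_network(admin_cidr, strict=False)
    if net.version != 4:
        raise ValueError("this example only handles IPv4 admin subnets")
    if net.prefixlen == 0:
        raise ValueError("0.0.0.0/0 does not restrict anything")
    if ipaddress.ip_address(session_ip) not in net:
        raise ValueError(f"{session_ip} is outside {net}: applying would lock you out")

    # 'ip > services': permitted addresses for the services that stay enabled
    cmds = [f"/ip service set {svc} address={net}" for svc in KEEP]
    cmds.append("/ip service disable " + ",".join(DISABLE))
    # Input chain: permit the admin subnet
    cmds.append(
        f'/ip firewall filter add chain=input src-address={net} '
        'action=accept comment="lockdown: admin subnet"'
    )
    return cmds


if __name__ == "__main__":
    # Constructed input: admin subnet and the address of the current admin session
    for line in lockdown_plan("192.0.2.10/24", "192.0.2.50"):
        print(line)
```

The `add` command appends the rule to the end of the input chain, so it has to be moved above any existing drop rule to take effect. The discovery and MAC-server settings the post also mentions are left out because their menus differ between RouterOS versions.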
Member Candidate
Posts: 144
Joined: Fri Dec 23, 2016 8:15 am

Re: Crooks Use Hacked Routers to Aid Cyberheists

Sat Dec 24, 2016 5:59 am

Any update on this Dyre or Upatre?

Interested in securing any possible security flaws, as I noticed an article about this from last year.
