[caiu] RES: Virus UBNT
Werneck Costa
werneck.costa em gmail.com
Qua Maio 18 07:55:03 BRT 2016
Recebi, em um comunicado de uma empresa que vende Ubnt, este link com as
informações específicas:
http://tecwi.envemkt.com.br/ver_mensagem.php?id=H|2015|200059783|143023926142581300
- - -
*Werneck Costa*
Analista de Suporte
e-mail/Skype/GTalk: werneck.costa em gmail.com
Em 17 de maio de 2016 10:27, Edinilson - ATINET <edinilson em atinet.com.br>
escreveu:
> Não sei se serviria para o proposito atual, mas no passado precisei fazer
> uma atualização em massa e utilizei esse script:
> https://github.com/sudomesh/ubi-flasher
>
> É fácil de customizar.
>
>
> Edinilson
>
> ------------------------------------------
> ATINET
> Tel Voz: (0xx11) 4412-0876
> http://www.atinet.com.br
>
>
> ----- Original Message ----- From: "Alexandre J. Correa (Onda)" <
> alexandre em onda.net.br>
> To: "Lista das indisponibilidades da Internet brasileira" <
> caiu em eng.registro.br>
> Sent: Tuesday, May 17, 2016 10:20 AM
> Subject: Re: [caiu] RES: Virus UBNT
>
>
>
> Na 'tuada' que o negócio ta indo, acho que vai ser melhor mesclar os 2
> projetos ..
>
>
> Em 17/05/2016 04:49, Diego Canton de Brito escreveu:
>
>> Então deu certo o uso de trigger_url (do airos) :D
>>
>> Alexandre, fiz uma alteração no meu GIT do seu código de update, para
>> que o pessoal possa cambiar entre URL de firmware, seria legal fazer ai
>> tbm.
>>
>> URL='
>> http://dl.ubnt.com/firmwares/XN-fw/v5.6.5/XM.v5.6.5.29033.160515.2119.bin
>> '
>> #
>> URL='
>> http://dl.ubnt.com/firmwares/XN-fw/v5.6.4/XM.v5.6.4.28924.160331.1253.bin
>> '
>> wget $URL -O /tmp/firmware.bin
>> ubntbox fwupdate.real -m /tmp/firmware.bin
>>
>> Para mais exemplos https://github.com/diegocanton/remove_ubnt_mf/
>>
>> Em 2016-05-17 01:48, Alexandre J. Correa (Onda) escreveu:
>>
>> https://github.com/ajcorrea/cleanmf
>>>
>>> Migrei para GITHUB, inclui também Compliance test e Alteração de portas
>>> padrão (Diego Canton)
>>>
>>> O script agora utiliza o github como base para download, utilizando a
>>> função trigger_url !!!
>>>
>>> Em 16/05/2016 22:09, marcio petarnella escreveu: Já perdi a paciência
>>> com esse aircontrol, já instalei o server agora o
>>> cliente só da erro de login e senha, não funciona nem por decreto, já
>>> troquei java , já fiz de tudo, não vou mais perder tempo com isso, já não
>>> basta essa ferramenta da ubiquiti q também não funciona.
>>> Em 16/05/2016 9:51 PM, "Geeek Masters" <rgeeek em gmail.com> escreveu:
>>>
>>> Se você fizer pelo AirControl sim.
>>>
>>> 2016-05-16 21:43 GMT-03:00 marcio petarnella <marcio em mgptelecom.com.br>:
>>>
>>> Algum script q verifica a versão se xm ou xw e faz a atualização
>>> automática ?
>>> Em 16/05/2016 9:08 PM, "Geeek Masters" <rgeeek em gmail.com> escreveu:
>>>
>>> [image: Ubiquiti Networks]
>>> <
>>>
>>
>> http://ubnt.us8.list-manage1.com/track/click?u=bc856e62a9254399365d0277b&id=e0bce9c5c5&e=fca1226044
>>
>>
>> BROADBAND
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=d98a23213c&e=fca1226044
>>
>>
>> ENTERPRISE
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage1.com/track/click?u=bc856e62a9254399365d0277b&id=1c98dce54c&e=fca1226044
>>
>>
>> PRODUCTS
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=a326d664b7&e=fca1226044
>>
>>
>> SUPPORT
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=2230187878&e=fca1226044
>>
>>
>> BUY
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage1.com/track/click?u=bc856e62a9254399365d0277b&id=1ac11f1e55&e=fca1226044
>>
>>
>> IMPORTANT
>>>> What We Know
>>>>
>>>> In recent days, we've seen virus activity taking network devices
>>>>
>>> offline.
>>
>> In most cases, devices are reset to factory defaults. In other cases,
>>>> devices are still operational, but inaccessible. The virus is using an
>>>> HTTP/HTTPS exploit that doesn't require authentication. Simply having a
>>>> radio with out-of-date firmware and having its HTTP (port 80)/HTTPS
>>>>
>>> (port
>>
>> 443) interface exposed to the Internet is enough to get infected.
>>>> Checking Your Devices
>>>>
>>>> Devices running the following firmware are *NOT* affected:
>>>>
>>>> Ensure the Safety of Your Devices
>>>>
>>>> Ubiquiti takes these threats seriously and has created a patch and an
>>>> Android app to diagnose and fix the problem. To check your devices and
>>>> remove the virus, please use *the removal tool*
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=4444e56b2c&e=fca1226044
>>
>>
>> .
>>>>
>>>> Note: The tool has the ability to upgrade airMAX M series devices to
>>>> airOS(R) v5.6.5,
>>>> which completely disables custom script usage.
>>>> If a device is inaccessible, TFTP recovery will be required to reset it
>>>>
>>> to
>>>
>>> factory defaults.
>>>>
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=821cdb27dc&e=fca1226044
>>
>>
>> For further discussions, check our *community page *
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=da02fcd1ca&e=fca1226044
>>
>>
>> or contact our *support team
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=8a12f2fc13&e=fca1226044
>>
>>
>> * .
>>> Copyright (c) 2016, Ubiquiti Networks, Inc. All Rights Reserved.
>>> Ubiquiti Networks 2580 Orchard Parkway San Jose, CA 95131 USA
>>>
>>> Share this on:
>>> <
>>>
>>
>> http://www.facebook.com/share.php?u=http%3A%2F%2Fus8.campaign-archive2.com%2F%3Fu%3Dbc856e62a9254399365d0277b%26id%3Dd674aca0a1&t=Important%20Information%20Regarding%20Devices%20Running%20Older%20airOS%C2%A0Software
>>
>>
>> <
>>>>
>>>
>> http://twitter.com/intent/tweet?text=Important%20Information%20Regarding%20Devices%20Running%20Older%20airOS%C2%A0Software%20-%20http%3A%2F%2Feepurl.com%2Fb10cX1
>>
>>
>> <
>>>>
>>>
>> http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fus8.campaign-archive1.com%2F%3Fu%3Dbc856e62a9254399365d0277b%26id%3Dd674aca0a1&title=Important%20Information%20Regarding%20Devices%20Running%20Older%20airOS%C2%A0Software
>>
>>
>> <
>>>>
>>>
>> http://us8.forward-to-friend.com/forward?u=bc856e62a9254399365d0277b&id=d674aca0a1&e=fca1226044
>>
>>
>> Unsubscribe
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/unsubscribe?u=bc856e62a9254399365d0277b&id=1c1b02cb37&e=fca1226044&c=d674aca0a1
>>
>>
>> | Update Preferences
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage2.com/profile?u=bc856e62a9254399365d0277b&id=1c1b02cb37&e=fca1226044
>>
>>
>> | View in browser
>>>> <
>>>>
>>>
>> http://us8.campaign-archive2.com/?u=bc856e62a9254399365d0277b&id=d674aca0a1&e=fca1226044
>>
>>
>> Follow: Facebook
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=e7237e0c93&e=fca1226044
>>
>>
>> | Twitter
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=7e60518caa&e=fca1226044
>>
>>
>> | YouTube
>>>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=f50704a90c&e=fca1226044
>>
>>
>> <
>>>>
>>>
>> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=f36406c247&e=fca1226044
>>
>>
>> Em 16 de maio de 2016 15:56, Lucas Fernandes <
>>>>
>>> lucas em jotaftelecom.com.br>
>>
>> escreveu:
>>>
>>> SSH
>>>
>>> touch /etc/persistent/ ct
>>>
>>> Só isso ja volta o complience test
>>>
>>> Obrigado
>>> Atenciosamente,
>>>
>>> JotaF.Telecom
>>>
>>> *Lucas Fernandes*
>>> Gerente de Redes
>>>
>>> *T: *19 3913-9797 *C: *19 9 7163-3676
>>> www.jotaftelecom.com.br [1]
>>>
>>> JotaF.Telecom
>>>
>>> Em 16/05/2016 15:52, Alexandre Silva Nano escreveu:
>>>
>>> Em 16 de maio de 2016 15:37, Rogerio Alves <
>>>
>> rogerioapedroso em gmail.com
>>
>> escreveu:
>>>
>>> Venho aqui agradecer ao Alexandre J. Correa, pois graças ao
>>>
>> esforço e
>>
>> inteligência dele, estou conseguindo dar uma organizada na bagunça
>>>
>> que
>>
>> a UBNT fez e não conseguiu ao menos fazer uma ferramenta que preste!
>>>
>>> Show de bola! Gostei também do script! Agora, Alexandre. Quem utiliza
>>> Compliance Test, como faz pra
>>>
>> continuar a
>>
>> utilizar? Se atualizar para a versão que você colocou no script, o
>>>
>> CT
>>
>> será inibido.
>>>
>>> _______________________________________________
>>> caiu mailing list
>>> caiu em eng.registro.br
>>> https://eng.registro.br/mailman/listinfo/caiu
>>>
>>> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>>>
>>> https://eng.registro.br/mailman/options/caiu
>>>
>> --
>>
>> <
>>
>>
>> https://ubnt.zendesk.com/attachments/token/cSQI60Oj1xSqnAmT4s2bmyCXj/?name=Rodrigo+Gregorio+C.+de+Paula+%28Geeek%29.pdf
>>
>>
>> [image: IPV6 Ready?] <http://geeekzone.com/>[image: IPV6 Ready?]
>>> <https://ipv6.he.net/certification/scoresheet.php?pass_name=Geeek>
>>> _______________________________________________
>>> caiu mailing list
>>> caiu em eng.registro.br
>>> https://eng.registro.br/mailman/listinfo/caiu
>>>
>>> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>>>
>>> https://eng.registro.br/mailman/options/caiu
>>>
>> _______________________________________________
>> caiu mailing list
>> caiu em eng.registro.br
>> https://eng.registro.br/mailman/listinfo/caiu
>>
>> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>>
>> https://eng.registro.br/mailman/options/caiu
>>
>> --
>>
>> <
>>
>> https://ubnt.zendesk.com/attachments/token/cSQI60Oj1xSqnAmT4s2bmyCXj/?name=Rodrigo+Gregorio+C.+de+Paula+%28Geeek%29.pdf
>>
>>
>> [image:
>>>
>> IPV6 Ready?] <http://geeekzone.com/>[image: IPV6 Ready?]
>> <https://ipv6.he.net/certification/scoresheet.php?pass_name=Geeek>
>> _______________________________________________
>> caiu mailing list
>> caiu em eng.registro.br
>> https://eng.registro.br/mailman/listinfo/caiu
>>
>> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>>
>> https://eng.registro.br/mailman/options/caiu
>> _______________________________________________
>> caiu mailing list
>> caiu em eng.registro.br
>> https://eng.registro.br/mailman/listinfo/caiu
>>
>> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>>
>> https://eng.registro.br/mailman/options/caiu
>>
>>
>
> --
> Sds.
>
> Alexandre Jeronimo Correa
> Onda Internet
> Office: +55 34 3351 3077
> www.onda.net.br
>
> _______________________________________________
> caiu mailing list
> caiu em eng.registro.br
> https://eng.registro.br/mailman/listinfo/caiu
>
>
> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>
> https://eng.registro.br/mailman/options/caiu
>
> _______________________________________________
> caiu mailing list
> caiu em eng.registro.br
> https://eng.registro.br/mailman/listinfo/caiu
>
>
> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>
> https://eng.registro.br/mailman/options/caiu
>
Mais detalhes sobre a lista de discussão caiu