Security Alert: Ubiquiti Networks Airmax malware in the wild.

Details are available in the UBNT community thread here: http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940

With specific troubleshooting steps in the post here: http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/m-p/1563869#M55108

Devices that are directly connected to the internet (via port forwards) or not within a private management network are vulnerable.

If you have a device with a firmware revision lower than the versions below you should upgrade to the latest stable firmware as soon as possible:

• airMAX M
  • 5.5.11 XM/TI
  • 5.5.10u2 XM
  • 5.6.2+ XM/XW/TI
• AirMAX AC
  • 7.1.3+
• ToughSwitch
  • 1.3.2
• airGateway
  • 1.1.5+
• airFiber
  • 2.2.1+ AF24/AF24HD
  • 3.0.2.1+ AF5x 

If you have been affected by the malware referenced in the attached posts, a removal tool has been created by ubiquiti.

More generally, network security principles should be applied to any device you install for your customers:

• Always change default passwords: There are many databases online that allow malicious actors to search for the default passwords for just about all vendor equipment from photocopiers to APs to NVRs.
• Try to place sensitive devices into a private management VLAN or subnet and firewall them off to only a few select admin only IP addresses rather than allowing them to be accessed by all locations on your network.
• If you require remote access to a customer site, a VPN connection to a firewall is more secure than port forward rules, as the security surface area is a single firewall device and not the many forwarded devices (with all the combinations of firmware and bugs that entails).