Pambos Zeniou, Posted September 27, 2018

Dear All,

I am getting notifications for Windows web sites like Windows updates that the link and the attachment contain a virus. See below the notification that I am getting:

9/27/2018 1:49:55 AM - Module HTTP filter - Threat Alert triggered on computer EMAIL: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a640b841a3f8dd0d contains JS/CoinMiner.BF trojan.

Also, this morning while I was checking my Event Viewer on the Email Server I found an error, and when I try to open the link on the error ESET blocks it. See below the notification:

Access to the web page was blocked.
hxxp://go.microsoft.com/fwlink/events.asp?ProdName=Microsoft®+Exchange&ProdVer=15.0.1104.0&EvtID=1009&EvtSrc=MSExchangeFastSearch&LCID=2057
Threat: JS/CoinMiner.AH potentially unwanted application

Can someone advise how I can solve this issue?

Best Regards
Pambos Zeniou

Marcos (Administrators), Posted September 27, 2018

If you are using a Mikrotik router, reset it to factory settings and upgrade the firmware to the latest version. If that doesn't help, it could be that your ISP is using a compromised Mikrotik router.

Pambos Zeniou (Author), Posted September 27, 2018

Thanks for your reply. I don't understand why Mikrotik can be the issue here. Can you please explain it to me? Also, when I try to open the same link from my laptop it's OK, but from the server I am getting this report. If it was something to do with the Mikrotik, why does it work from my laptop?

Marcos (Administrators), Posted September 27, 2018

https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-–-First-we-cryptojack-Brazil,-then-we-take-the-World-/

ESET had recognized this hack a couple of days or weeks before the reports went public.

itman, Posted September 27, 2018

6 hours ago, Pambos Zeniou said:
> I don't understand why Mikrotik can be the issue here. Can you please explain it to me? Also, when I try to open the same link from my laptop it's OK, but from the server I am getting this report. If it was something to do with the Mikrotik, why does it work from my laptop?

To begin with, the issue is not solely related to Mikrotik. Other router manufacturers have also been identified as having vulnerabilities.

Also, the issue is not restricted to locally installed routers. Many ISP routers and related backbone devices have been likewise infected. Many of these, like recent postings in the forum, have been traced back to the ISP equipment being the source of the infection.