Pambos Zeniou 0 Posted September 27, 2018

Dear All,

I am getting notifications for Windows web sites, like Windows updates, that the link and the attachment contain a virus. See below the notification that I am getting:

9/27/2018 1:49:55 AM - Module HTTP filter - Threat Alert triggered on computer EMAIL: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a640b841a3f8dd0d contains JS/CoinMiner.BF trojan.

Also, this morning while I was checking my Event Viewer on the Email Server, I found an error, and when I try to open the link in the error, ESET blocks it. See below the notification.

Access to the web page was blocked.
hxxp://go.microsoft.com/fwlink/events.asp?ProdName=Microsoft®+Exchange&ProdVer=15.0.1104.0&EvtID=1009&EvtSrc=MSExchangeFastSearch&LCID=2057
Threat: JS/CoinMiner.AH potentially unwanted application

Can someone advise how I can solve this issue?

Best Regards
Pambos Zeniou

Administrators Marcos 5,453 Posted September 27, 2018

If you are using a Mikrotik router, reset it to factory settings and upgrade the firmware to the latest version. If that doesn't help, it could be that your ISP is using a compromised Mikrotik router.

Pambos Zeniou 0 Author Posted September 27, 2018

Thanks for your reply.

I don't understand why Mikrotik can be the issue here. Can you please explain it to me? Also, when I try to open the same link from my laptop it's OK, but from the server I am getting this report. If it was something to do with the Mikrotik, why does it work from my laptop?

Administrators Marcos 5,453 Posted September 27, 2018

https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-–-First-we-cryptojack-Brazil,-then-we-take-the-World-/

ESET had recognized this hack a couple of days or weeks before the reports went public.

itman 1,801 Posted September 27, 2018

6 hours ago, Pambos Zeniou said:
> I don't understand why Mikrotik can be the issue here. Can you please explain it to me? Also, when I try to open the same link from my laptop it's OK, but from the server I am getting this report. If it was something to do with the Mikrotik, why does it work from my laptop?

To begin with, the issue is not solely related to Mikrotik. Other router manufacturers have also been identified as having vulnerabilities.

Also, the issue is not restricted to locally installed routers. Many ISP routers and related backbone devices have been likewise infected. Many of these, like recent postings in the forum, have been traced back to the ISP equipment being the source of the infection.