An analysis of the technologies used by cybercriminals allows us to draw conclusions about the virus industry’s possible vectors of development and more effectively confront future threats. You, too, can learn what actions various malicious programs take in infected systems and how to withstand them.
A family of worms for different versions of Linux, including Air OS, which is developed by Ubiquiti Networks and installed on its devices. The worms are implemented as bash scripts.
Initially, the Trojans of this family were distributed via a vulnerability in the firmware of devices produced by Ubiquiti. Later versions received a function for connecting to remote devices via the SSH protocol (ports 22, 2222), using the logins “root”, “admin”, “ubnt” and the following passwords:
admin
root
ubnt
ubnt123
password
abcd1234
abcdefgh
qwerty
abc123
111111
123456
123123
123qwe
12345678
admin1
!@#$%^&*
ubiquiti
000000
1q2w3e4r
!Q@W#E$R
1qaz2wsx
In case of a successful compromise, a new user is added to the system (logins such as “mother” and “moth3r” are known), along with a key for access via the SSH protocol. The worms also install themselves on the compromised device in the folder “/etc/persistent/.mf” and register themselves for autorun by modifying the file /etc/persistent/rc.poststart.
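The indicators described above can be checked on a live device or on a mounted copy of its filesystem. The script below is an added example, not part of the original description or of any vendor tool; the function name check_indicators is hypothetical, and the rc.poststart check assumes the autorun entry references the .mf folder, which the description does not state.

```shell
#!/bin/sh
# Added example: look for the compromise indicators named in the description.
# ROOT is "/" on a live device or the mount point of an extracted image.

check_indicators() {
    root="${1:-/}"
    root="${root%/}"       # "/" becomes "", so the paths below stay absolute
    hits=0

    # 1. Folder the worm installs itself into
    if [ -d "$root/etc/persistent/.mf" ]; then
        echo "FOUND: folder /etc/persistent/.mf"
        hits=$((hits + 1))
    fi

    # 2. Accounts known to be added after a compromise
    for user in mother moth3r; do
        if [ -f "$root/etc/passwd" ] && grep -q "^$user:" "$root/etc/passwd"; then
            echo "FOUND: account $user in /etc/passwd"
            hits=$((hits + 1))
        fi
    done

    # 3. Autorun file pointing at the install folder
    #    (assumption: the added entry references the .mf path)
    if [ -f "$root/etc/persistent/rc.poststart" ] &&
       grep -qF "/etc/persistent/.mf" "$root/etc/persistent/rc.poststart"; then
        echo "FOUND: rc.poststart references /etc/persistent/.mf"
        hits=$((hits + 1))
    fi

    echo "indicators: $hits"
    [ "$hits" -eq 0 ]      # exit status 0 only when nothing was found
}

# Run against the path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_indicators "$1"
fi
```

A clean result only means these specific traces are absent; a device that still accepts one of the listed passwords over SSH remains exposed.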