  #80  
01-05-2009, 10:13 PM
Rokketboy (Jared)
superfradgalistic

 
Join Date: Apr 2009
Location: Newcastle, Australia
Posts: 106
Quote:
Originally Posted by dpastern
It's probably a Netcomm NB5 right? Known issue. Netcomm Australia were unaware of the issue, despite it being publicly known, until I made them aware of it. Because the Netcomm NB5 uses a Linux distribution named "busybox", it has WGET installed by default. At least on earlier versions. The bot that attacks these modems uses wget to download a compromised binary to the modem, unpacks it and that does the bit. In order to tell if your Netcomm NB5 modem is affected, see if you can telnet to it. Unless you've turned telnet off in the modem config, or changed the username/password, you should, by default, be able to telnet to the modem with the username/password admin/admin. If it won't let you, reboot the modem. If you can telnet to it after that, your modem was infected. To fix it, simply change the default password to something other than admin, and upgrade the firmware (http://www.netcomm.com.au/support).

I work in the industry ;-)

Dave

Nup, wasn't a NB5. A 2wire 2071A. I did a bit of research and found that it was a recent virus. A friend who is a System admin had a client with the exact same problem the day after I got it. He tracked it down and it can be cured by a firmware update or reset apparently. One of the strangest problems I have come across. My initial thought was virus, but then the fact I could access some sites (google, gmail etc) made me think something else was awry. In the end my initial feeling was right. Still it was a weird one.