Rogue botnet using a vulnerability in the RouterOS Winbox service
Security Alert : A rogue botnet is currently using a vulnerability in the RouterOS Winbox service, that was patched in RouterOS v6.42.1 in April 23, 2018.
All RouterOS devices offer free upgrades with just two clicks, so we urge you to upgrade your devices with the "Check for updates" button, if you haven't done so already.
Steps to be taken:
- Upgrade RouterOS to the latest release
- Change your password after upgrading
- Restore your configuration and inspect it for unknown settings
- Implement a good firewall according to the article here:
All versions from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) are vulnerable. Is your device affected? If you have open Winbox access to untrusted networks and are running one of the affected versions: yes, you could be affected. Follow advice above. If Winbox is not available to internet, you might be safe, but upgrade still recommended.
More information about the issue can be found here: https://blog.mikrotik.com