Users of the Network attached storage devices manufactured by QNAP have reported a
According to the users, the malicious code adds some 700 entries to the /etc/hosts file that redirects requests
The user ianch99 in the QNAP NAS community forum reported that the antivirus ClamAV was failing to update due to 0.0.0.0 clamav.net host file entries.
“Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0 e.g.” wrote
the user ianch99.
As they are all set to 0.0.0.0, the ClamAV update fails. If you remove these entries, the update runs fine but they return on after rebooting.”
Other users reported similar problems with the MalwareRemover, but it is still unclear if the events are linked.
QNAP provided a script that could help users to restore normal operations deleting the mysterious entries.
QNAP hasn’t confirmed that the incidents were caused by a malware.
“Exposing your NAS on the internet (allowing remote access) is always a
“The real problems that I see with Qnap are:
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.