Pierluigi Paganini
February 11, 2019
Users of the Network attached storage devices manufactured by QNAP have reported a
According to the users, the malicious code adds some 700 entries to the /etc/hosts file that redirects requests
The user ianch99 in the QNAP NAS community forum reported that the antivirus ClamAV was failing to update due to 0.0.0.0 clamav.net host file entries.
“Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0 e.g.” wrote
the user ianch99.
“0.0.0.0 bugs.clamav.net
0.0.0.0 current.cvd.clamav.net
0.0.0.0 database.clamav.net
0.0.0.0 db.local.clamav.net
0.0.0.0 update.nai.com
0.0.0.0 db.ac.clamav.net
0.0.0.0 db.ac.ipv6.clamav.net
0.0.0.0 db.ac.big.clamav.net
<snip>
As they are all set to 0.0.0.0, the ClamAV update fails. If you remove these entries, the update runs fine but they return on after rebooting.”
Other users reported similar problems with the MalwareRemover, but it is still unclear if the events are linked.
QNAP provided a script that could help users to restore normal operations deleting the mysterious entries.
QNAP hasn’t confirmed that the incidents were caused by a malware.
“Exposing your NAS on the internet (allowing remote access) is always a
“The real problems that I see with Qnap are:
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″] [adrotate banner=”13″]
