Has Trickbot gang hijacked your router? This scanner may have an answer

Microsoft has published a tool that scans for and detects MikroTik-powered Internet-of-Things devices that have been hijacked by the Trickbot gang. The open-source scanner comes after an investigation by Redmond's Defender for IoT research team into how the nefarious malware crew takes over MikroTik routers and sets them up to …

  1. Anonymous Coward

    Visiting the MikroTik website..

    No mention of any problems on their homepage.

    No mention of any problems on their support page.

    No mention of any problems on their forum.

    I gave up at that point. Not that I've ever heard of them before.

    But I have now, you all have.

    1. bogomips
      Pint

      Re: Visiting the MikroTik website..

      Saw this by accident-

      I got a "Tik" router. Just checked - mine's ok, and firmware is up to date (enough).

      It is amazing hardware!

      I think the advanced capability and relatively low cost make this an easy choice for anyone with networking needs beyond what most ISP routers provide.

      It is however definitely not a consumer product... You need to be skilled to configure this thing. Especially the firewall. I guess this is why this issue exists - people don't know how to lock it down right...

      MikroTik is pretty good at disclosing and patching vulnerabilities, and they have an amazing forum and community.

      That MS post is only 2 days old at this point...

      Is this really a vulnerability?

      Using the default password? - user messed up...

      Firmware really old? - user messed up... That's already been patched long ago.

      Bruteforce attack? - you didn't lock down admin access to internal network only? - user messed up.

      Yeah... doesn't look like a new vulnerability...

      Not sure what you want them to post on their website about... "Warning: don't use this product if dumb or under the influence" :P

      (pint icon - obvs)

      1. Pirate Dave Silver badge
        Pirate

        Re: Visiting the MikroTik website..

        I played with one of their hEX POE Lite routers 4 or 5 years ago, and was suitably impressed. Amazed, actually, with the number of ways you could molest packets with that little box with such a puny CPU. IIRC, the GUI admin panel wasn't the greatest I'd ever seen, but was mostly functional. Overall, it reminded me of the old Coyote Linux bootable floppy from 20+ years ago - tight, compact, but does a lot of stuff.

      2. claimed Silver badge

        Re: Visiting the MikroTik website..

        Dumb...? Supplying a device that is default broken, that's dumb. You shouldn't have to lock down admin access to internal, that should be default. Default password, either do better and provide a unique device specific default, or make the user change it. How? How about only allow one device to use the WiFi until it's changed... That'd fix 99% of the people that buy this stuff as they'd quickly wonder why it was ignoring other devices. Don't blame users, blame designers.

        1. bogomips

          Re: Visiting the MikroTik website..

          Dunno if it makes sense to still be replying to this thread, but just for fun:

          These routers are basically a blank slate - you get a processor, and an OS (Router OS) which allows you to do fancy networking stuff. How you configure it is up to you.

          This is not a consumer device. This is not a Netgear router.

          If you install a Raspberry Pi with Raspbian, and slap Apache on there - does that make it a hardened internet-ready web server? Hell no - it's not, and you better know how to lock that thing down if you don't want it trashed.

          Same here.

          For what it's worth, I do think the paperwork that comes with the MikroTik routers and switches suggests you update the OS...

          Your thinking is correct - but for devices aimed at your everyday computer user who might only barely be able to operate a smartphone.

          These devices are not aimed at that audience.

    2. Anonymous Coward

      Re: Visiting the MikroTik website..

      Maybe it's not on the homepage because it's an already fixed 3yr old vulnerability. If MS was to put such old vulns on their homepage it would be so big it would take hours to load the hundreds of CVEs.

      Unlike most other vendors I know, free updates are available for MikroTik gear, no service contracts or entitlements needed.

      My multi-gigabit capable router RB1000 from 2008 is still going strong and gets updates for free.

      If only MS spent time checking their garbage source code, their shite wouldn't be compromised by Trickbot or the other 100,000,000 pieces of Windows malware produced for the OS in 2021. https://tech.co/news/windows-users-malware

      1. bogomips

        Re: Visiting the MikroTik website..

        What I love about it - there is no cloud-crap to manage the router. Your house - your hardware. Simple!

    3. schmitzr2018

      Re: Visiting the MikroTik website..

      Anyone who knows routers knows MikroTik. They make super capable SMB routers that normal people should not be recommended to use.

      1. Missing Semicolon Silver badge

        Re: Visiting the MikroTik website..

        .. using modified versions of Open-Source code they won't release.

        No thanks.
