Cover your NASes: QNAP acknowledges mystery malware but there's no patch yet
Anti-antivirus root-rooting weirdness just gets deeper
Taiwanese NAS maker QNAP has admitted its devices are affected by mysterious malware that alters
hosts files on infected boxen following The Register's report.
In a security advisory published yesterday, QNAP told its customers: "A recently reported malware is known to affect QNAP NAS devices. We are currently analyzing the malware and will provide the solution as soon as possible."
While the advisory's severity was given as "high", the company said that the types of affected products were "to be confirmed". QNAP did not comment further when The Register invited it to do so.
Affected folk were urged to manually install the latest version of QNAP's MalwareRemover product, detailed instructions for which are at the security advisory linked above. In addition, QNAP also dished out the standard advice for ensuring all apps on NASes are up to date.
This could be difficult for some people whose devices are infected by the mysterious malware. As we reported on Monday, QNAP users began complaining on the company's forums that around 700 entries were added to their machines' hosts file, all pointing to IP address
0.0.0.0. Those entries sinkholed all requests to common antivirus update servers.
QNAP NAS user? You'd better check your hosts file for mystery anti-antivirus entriesREAD MORE
Forum users noticed that the company's Derek Be Gone malware removal script had now incremented to version 1.4 since El Reg's first article. One in particular, who appears to believe their NAS is infected with the malware, posted that they couldn't install or update packages on their NAS thanks to "errors telling me that the architecture is wrong", with MalwareRemover not running either "because apparently the Python QPKG is somehow missing". The user also noticed a "dodgy looking .sh file" had appeared on the box, as well as unfamiliar entries in the
QNAP did apologise for not responding when we asked them for comment about the malware last week, reasonably pointing out that they were on holiday for Chinese New Year. ®