Thousands of NAS devices infected with malware through public FTP write access

vbimport

#1

We’ve just posted the following news: Thousands of NAS devices infected with malware through public FTP write access[newsimage]http://www.myce.com/wp-content/images_posts/2016/09/myce-seagate-central-95x75.jpg[/newsimage]

Owners of Seagate NAS devices should check whether the FTP server has a public shared folder with write access as it can be abused by cybercriminals to serve malware. According to a report from antivirus vendor Sophos the majority of specifically Seagate Central NAS devices have been infected.

            Read the full article here: [http://www.myce.com/news/thousands-nas-devices-infected-malware-public-ftp-write-access-80400/](http://www.myce.com/news/thousands-nas-devices-infected-malware-public-ftp-write-access-80400/)

            Please note that the reactions from the complete site will be synched below.

#2

Not entirely on topic, but on a general level there is a trouble with default passwords and enabled anonymous access/public folders.
Like we have discussed before, I can park my car most anywhere in an urban area and have wi-fi access which is of no trouble to the owner as I simply surf the net, but I could do real nasty business as I am within the owner’s network.
For a NAS being internet enabled through plug-and-play configuration of you gateway (typically firewall) that aspect extends to the whole world.

Personally, I do not have plug-and-pray activated on my gateway or firewall. Trouble is it all starts with knowledge most of you out there don’t have and so you will be vulnerable. It is not like people invites me to their network when I stop my car either, they just don’t know that their default is an open access which in reality makes me able to access whatever I want, even your computer (think about that). While I don’t do that as I only steal a bit of your bandwidth, I could have.
Would it be cool if I stole your online passwords? Your serials? I would say there’s many out there that has a good deal of work to do.
Don’t get me wrong, it is only a week since I did set up a totally unencrypted wireless network for a friend, but he lives 5 kilometers from the nearest neighbor and so doing so is pretty safe since the signals only reaches about 50 meters outside of his house. His NAS on the other hand had the FTP service shut down as he uses it only from his Windows explorer and so was not needed.
That brings me to the conclusion, enable only what you use and shut off everything you don’t need. For that to happen though, you will have to make some changes which starts with reading the manual.