QNAP NAS user? You’d better check your hosts file for mystery anti-antivirus entries • The Register

Glory hole


Network attached storage maker QNAP's customers have reported being hit by a mystery issue that disables software updates by hijacking entries in host machines' hosts file.

The full effects are, as yet, unknown – but users have reported that the most visible symptom is that some 700 entries are added to the /etc/hosts file that redirect a host of requests to IP address 0.0.0.0.

This, said forlorn QNAP forum user ianch99, stopped his antivirus from updating by sinkholing all of the software's requests to the vendor's website. Others reported that the Taiwanese NAS appliance maker's own MalwareRemover was borked, though it is not known whether those two issues are linked.

“If you remove these entries, the update runs fine but they return on after rebooting,” posted ianch99. So far the only cure appeared to be a script provided by QNAP itself, which one helpful Reddit user posted the link to after apparently being given it by one of the storage firm's techies in live chat.



Other users publicly wondered about QNAP's seeming reluctance to say anything about the issue, with a Reg reader telling us: “The wider QNAP-using population could perhaps do with a heads-up from your esteemed organ.”

QNAP did not respond when The Register asked the company to comment on these goings-on, and has made no public statement at the time of writing.

A few years ago firmware from the Taiwanese headquartered biz was found to have a catastrophic bug that corrupted data on RAID drives during a rebuild “through faulty calculations”. It was eventually patched.

For those who have not poked around the quieter corners of their operating systems, /etc/hosts forces domain name lookups made from the host machine to go to specified IP addresses. The usual non-malicious use is to enforce blocking of unwanted websites.

While useful for windups on colleagues by doing silly things like redirecting Google to Bing, that very same simplicity makes it an attractive target for malware authors bent on stopping updates to counter-malware programs, as Malwarebytes pointed out a few years ago. ®
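
One way to run the check the headline suggests, as an added example that is not from the article and is not QNAP's script: the shell functions below list every name a hosts file points at 0.0.0.0 and tally them by parent domain. The sample hostnames are constructed placeholders, and treating the IPv6 address `::` the same way is an assumption.

```shell
#!/bin/sh
# Added example (not QNAP's script): report names a hosts file sends to a null address.

# Print each sinkholed hostname once. $1 = hosts file (default /etc/hosts).
sinkholed_hosts() {
    awk '
        { sub(/#.*/, "") }                 # strip comments, including trailing ones
        NF < 2 { next }                    # skip blank or address-only lines
        $1 == "0.0.0.0" || $1 == "::" {    # "::" (IPv6 unspecified) is an added assumption
            for (i = 2; i <= NF; i++) print tolower($i)   # one line may carry several names
        }
    ' "${1:-/etc/hosts}" | sort -u
}

# Count sinkholed names per parent domain (naive: last two labels), largest first.
# A cluster of names under one security vendor's domain is the pattern to look for.
sinkholed_summary() {
    sinkholed_hosts "${1:-}" | awk -F. '
        {
            if (NF >= 2) d = $(NF-1) "." $NF; else d = $0
            n[d]++
        }
        END { for (d in n) print n[d], d }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input; the hostnames are placeholders, not real indicators.
write_sample_hosts() {
    cat > "$1" <<'EOF'
127.0.0.1   localhost
0.0.0.0     update.av-vendor.example  www.av-vendor.example   # constructed
0.0.0.0     Update.AV-Vendor.example
0.0.0.0     sigs.other-av.example
# 0.0.0.0   commented-out.example
::1         localhost6
EOF
}

# Demo: "sh thisfile demo" prints the summary for the constructed sample.
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp) && write_sample_hosts "$f"
    sinkholed_summary "$f"
    rm -f "$f"
fi
```

Because the entries were reported to return after a reboot, the count is worth re-checking after any cleanup and restart.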

