Sign In / Register
« Back to all recent discussions
NSA325 Ngioweb infect
sorry for my bad written english.
My webprovider informed me, my NSA has an
Does anybody know how to solve the problem ?
Thanks a lot
I did some googling on ngioweb, but couldn't find where it installs itself. While it is possible to install extra software on a ZyXEL nas, it works different than on other Linux boxes. A naive approach will have the software removed on a reboot, or have it not started.
It seems that the malware often uses Wordpress to enter a box. Maybe it also uses it to start up? Do you have Wordpress installed and exposed to the web? In that case you could backup the content (using phpmyadmin) and remove the package. Do you have a way to test if the malware is still active? How could you ISP point to your NAS, there is more in your network, I guess? Do you have shell access to the NAS?