Synology has announced the discovery of security issues in the DiskStation Manager operating system which runs its RackStation and DiskStation NAS devices. The security issues render affected versions of the operating system vulnerable to attacks that allow an unauthorised user to run commands with root privileges and to read, write and delete files on the NAS.
All Synology users are strongly advised to access their NAS, open the Control Panel, go to the DSM Update page and update to the latest version of the operating system.
Symptoms of a compromised NAS include the following:
Exceptionally high CPU usage detected in Resource Monitor: CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names
Appearance of non-Synology folder: An automatically created shared folder with the name “startup”, or a non-Synology folder appearing under the path of “/root/PWNED”
Redirection of the Web Station: “Index.php” is redirected to an unexpected page
Appearance of non-Synology CGI program: Files with meaningless names exist under the path of “/usr/syno/synoman”
Appearance of non-Synology script file: Non-Synology script files, such as “S99p.sh”, appear under the path of “/usr/syno/etc/rc.d”
If you identify any of the above issues, Synology advises that you download the latest version of the DSM from the Synology Download Center and install it on your NAS by running the Synology Assistant application for Windows, Mac OS X or Linux.
Devices running DSM 4.0 should be updated to DSM 4.0-2259 or later.
Devices running DSM 4.1 or 4.2 should be upgraded to DSM 4.2-3243 or later.
Devices running DSM 4.3 should be updated to DSM 4.3-3827.
Microsoft® Windows Insider MVP - Windows Security
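A shell check for the symptoms listed in the post above that can be tested mechanically: the named processes, "/root/PWNED", "S99p.sh" and a "startup" shared folder. This is an added example, not code from Synology or from the original post. The script name check.sh and the function names are hypothetical, and it assumes shared folders are directories at /volumeN/<name>.

```shell
#!/bin/sh
# Added example: look for the compromise indicators named in the advisory.
# Assumption: DSM shared folders are directories at /volumeN/<name>.

# stdin: one argv[0] per line. Prints those whose basename is on the
# advisory's list (exact names, or any name containing PWNED).
match_procs() {
    sed 's|.*/||' | grep -E '^(dhcp\.pid|minerd|synodns)$|PWNED' | sed 's|^|process: |'
    return 0
}

# Print argv[0] of every running process (kernel threads have none).
list_procs() {
    for f in /proc/[0-9]*/cmdline; do
        { tr '\0' '\n' < "$f"; } 2>/dev/null | head -n 1
    done
    return 0
}

# Check file-system indicators under root $1 ("" = the running system,
# otherwise the mount point of a disk taken out of the NAS).
check_fs() {
    root=$1
    [ -e "$root/root/PWNED" ] && echo "path: /root/PWNED"
    [ -e "$root/usr/syno/etc/rc.d/S99p.sh" ] &&
        echo "script: /usr/syno/etc/rc.d/S99p.sh"
    for d in "$root"/volume*/startup; do
        [ -d "$d" ] || continue
        rel=${d#"$root"}
        echo "shared folder: $rel"
    done
    return 0
}

# Usage: sh check.sh --scan [ROOT]   (exit status 1 when anything is found)
if [ "${1:-}" = "--scan" ]; then
    root=${2:-}
    # Process names only make sense on the live system, so skip them for ROOT.
    hits=$( [ -n "$root" ] || list_procs | match_procs; check_fs "$root" )
    [ -z "$hits" ] && { echo "no listed indicators found"; exit 0; }
    echo "$hits"
    exit 1
fi
```

The Web Station redirect and the oddly named CGI files under "/usr/syno/synoman" are not covered and still need a manual look, so an empty result is not proof of a clean system.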
The following article is an update on Synology and CryptoLocker
(Synology NAS users hit with Cryptolocker variant)
Author/ Zorz HNS Managing Editor/ Posted on 04.08.2014
You know that your products are getting to be very popular when cybercriminals target users with a customized version of the Cryptolocker ransomware.
The products in question are NAS (network-attached storage) appliances manufactured by Taiwan-based Synology. As it could be witnessed in a couple of posts on different online help forums, the malware has started wreaking havoc over the weekend.
"My Diskstation got hacked last night. When I open the main page on the webserver I get a message that SynoLocker has started encrypting my files and that I have to go to a specific address on Tor network to get the files unlocked," a user shared his experience on Synology's forum.
Help Net Security/ Full Article Here/ http://www.net-security.org/malware_news.php?id=2827