I had a few phone calls from my friends during the past few days related to the new hacker attack on the Mikrotik routers. The unknown file named mikrotik.php appears between the files and you have a new script named script3_. Even more, your firewall is disabled.
This attack exploits vulnerabilities in the Web service. Although this blog claims that this vulnerability is fixed in the RouterOS version 6.38.5, I found that many routers that are not updated to the latest version are infected. A few of mine routers with the RouterOS versions 6.38.5, 6.39.x, 6.40.x or even 6.42.3 were attacked. Continue reading