Video Screencast Help

Chameleon: Virus that spreads across Wi-Fi

Created: 06 Mar 2014 | 4 comments
Orlando Didier's picture

Hi everybody.

We have received an alert about a virus, Chameleon. This virus can self-propagate over WiFi networks from access point to access point,  but doesn't affect the working of the Wireless Access Point. So I'm searching for information in Symantec Forums but it seems there is no information about the virus. 

Somebody knows if Symantec has an article or something posted about this virus in particular?

Our client is asking for an URL from Symantec about it but I don't find anything.

Hope anybody could help me.

Greetings!

Operating Systems:

Comments 4 CommentsJump to latest comment

.Brian's picture

I found a link that Symantec posted on their twitter feed:

http://thehackernews.com/2014/02/chameleon-virus-t...

It's not from Symantec but just gives a description.

Symantec is referenced in this one as well:

http://mashable.com/2014/03/05/chameleon-computer-...

I haven't seen anything else on their blogs.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mick2009's picture

Hi Orlando,

Check out the following article from Security Response.  The advice given there seems good for all devices in a household or small office, including the WLAN router: 

Linux Worm Targeting Hidden Devices

https://www-secure.symantec.com/connect/blogs/linux-worm-targeting-hidden-devices

....

To protect from infection by the worm [Linux.Darlloz], Symantec recommends users take the following steps:

  1. Verify all devices are connected to the network
  2. Update their software to the latest version
  3. Update their security software when it is made available on their devices
  4. Make device passwords stronger
  5. Block incoming HTTP POST requests to the following paths at the gateway or on each device if not required:
    • -/cgi-bin/php
    • -/cgi-bin/php5
    • -/cgi-bin/php-cgi
    • -/cgi-bin/php.cgi
    • -/cgi-bin/php4

 

With thanks and best regards,

Mick

Orlando Didier's picture

Thank you very much Brian, I've found the first link in the Symantec's Twitter account but the second one was more useful, it seems that Symantec doesn't want to comment about this virus at the moment.

Mick, thanks for the information and as you say it's good enough for a small-office, I think we can use some of that recommendations for our own network.
 
I hope that Symantec announces something about, by the way, our client is satisfied with this information for now.
 
Thanks both of you.

 

.Brian's picture

Glad to help :)

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.