Probably someone connect via SSH to the Ant and edit cgminer config (/etc/config/cgminer). Some routers have this port open by default.
Go to http://www.yougetsignal.com/tools/open-ports/ and check SSH port (22) is open. If open , close it, and most of all change default password to the Ant.
Go to http://www.yougetsignal.com/tools/open-ports/ and check SSH port (22) is open. If open , close it, and most of all change default password to the Ant.
this is my conclusion as well....
caused by poor security/complacency and leaving passwords on default
