
Mirai variant turns TalkTalk routers into zombie botnet agents

Infosec folk spot web of compromised British devices

By John Leyden


Hundreds of Mirai-infected home routers across the UK are currently acting as DDoS bots.

The vast majority (99 per cent) of these 2,398 Mirai-infected devices are TalkTalk routers, according to security researchers at DDoS mitigation firm Imperva Incapsula.

“The botnet devices’ geolocation is very uncommon for DDoS botnets and indicates a vulnerability in a locally distributed device, which allows for such a regional botnet to appear,” Imperva Incapsula warns.

“Without full access to the infected routers, it’s difficult to know with certainty whether the malware used to execute this attack was the same Mirai variant used against Deutsche Telekom or the one encountered by the BadCyber researchers.”

More details on the problem can be found in a blog post by Imperva Incapsula here.

In response, TalkTalk said the situation was in hand:

Along with other ISPs in the UK and abroad, we continue to take steps to review the potential impacts of the Mirai worm. A small number of customer routers are affected by this issue. We have made good progress repairing these, and replacing them when necessary, and we continue to deploy additional network-level controls to further protect our customers.
