Security

Mirai variant turns TalkTalk routers into zombie botnet agents

Infosec folk spot web of compromised British devices

By John Leyden

35 SHARE

Hundreds of Mirai-infected home routers across the UK are currently acting as DDoS bots.

The vast majority (99 per cent) of these 2,398 Mirai-infected devices are TalkTalk routers, according to security researchers at DDoS mitigation firm Imperva Incapsula.

“The botnet devices’ geolocation is very uncommon for DDoS botnets and indicates a vulnerability in a locally distributed device, which allows for such a regional botnet to appear,” Imperva Incapsula warns.

“Without full access to the infected routers, it’s difficult to know with certainty whether the malware used to execute this attack was the same Mirai variant used against Deutsche Telekom or the one encountered by the BadCyber researchers.”

More details on the problem can be found in a blog post by Imperva Incapsula here.

In response, TalkTalk said the situation was in hand:

Along with other ISPs in the UK and abroad, we continue to take steps to review the potential impacts of the Mirai worm. A small number of customer routers are affected by this issue. We have made good progress repairing these, and replacing them when necessary, and we continue to deploy additional network-level controls to further protect our customers.

®

Sign up to our NewsletterGet IT in your inbox daily

35 Comments

More from The Register

ISP popped router ports, saving customers the trouble of making themselves hackable

SingTel then left them open for a while, because ... well there's no excuse is there?

ISP TalkTalk's Wi-Fi passwords Walk Walk thanks to Awks Awks router security hole

Brit broadband biz has only had four years to patch up WPS

Begone, Demon Internet: Vodafone to shutter old-school pioneer ISP

Exclusive It was still going?

Oracle 'net-watcher agrees, China Telecom is a repeat offender for misdirecting traffic

Network admins really need to mind their MANRS

VPNFilter router malware is a lot worse than everyone thought

More affected devices. More damage. And what looks like an escalation in attacks

Cash-machine-draining €1bn cybercrime kingpin suspect cuffed by plod

Bod accused of masterminding malware attacks on banks around the world

New Android-infecting malware brew hijacks devices. Why, you ask? Your router

1,280 Wi-Fi networks have fallen victim to the Switcher

OK Google, what is African ISP Main One, and how did it manage to route your traffic into China through Russia?

Updated Sub cable biz raises hand, 'fesses up to causing BGP hijack drama

Google Play Store spews malware onto 9 million 'Droids

How did these get through the net?

Brit police forces spend peanuts on cybercrime training

£1.3m over three years? Get with the times, plod