Mirai variant turns TalkTalk routers into zombie botnet agents
Infosec folk spot web of compromised British devices
Posted in Security, 8th December 2016 13:03 GMT
Hundreds of Mirai-infected home routers across the UK are currently acting as DDoS bots.
The vast majority (99 per cent) of these 2,398 Mirai-infected devices are TalkTalk routers, according to security researchers at DDoS mitigation firm Imperva Incapsula.
“The botnet devices’ geolocation is very uncommon for DDoS botnets and indicates a vulnerability in a locally distributed device, which allows for such a regional botnet to appear,” Imperva Incapsula warns.
“Without full access to the infected routers, it’s difficult to know with certainty whether the malware used to execute this attack was the same Mirai variant used against Deutsche Telekom or the one encountered by the BadCyber researchers.”
More details on the problem can be found in a blog post by Imperva Incapsula here.
In response, TalkTalk said the situation was in hand:
Along with other ISPs in the UK and abroad, we continue to take steps to review the potential impacts of the Mirai worm. A small number of customer routers are affected by this issue. We have made good progress repairing these, and replacing them when necessary, and we continue to deploy additional network-level controls to further protect our customers.