Security

Mirai variant turns TalkTalk routers into zombie botnet agents

Infosec folk spot web of compromised British devices

By John Leyden

35 SHARE

Hundreds of Mirai-infected home routers across the UK are currently acting as DDoS bots.

The vast majority (99 per cent) of these 2,398 Mirai-infected devices are TalkTalk routers, according to security researchers at DDoS mitigation firm Imperva Incapsula.

“The botnet devices’ geolocation is very uncommon for DDoS botnets and indicates a vulnerability in a locally distributed device, which allows for such a regional botnet to appear,” Imperva Incapsula warns.

“Without full access to the infected routers, it’s difficult to know with certainty whether the malware used to execute this attack was the same Mirai variant used against Deutsche Telekom or the one encountered by the BadCyber researchers.”

More details on the problem can be found in a blog post by Imperva Incapsula here.

In response, TalkTalk said the situation was in hand:

Along with other ISPs in the UK and abroad, we continue to take steps to review the potential impacts of the Mirai worm. A small number of customer routers are affected by this issue. We have made good progress repairing these, and replacing them when necessary, and we continue to deploy additional network-level controls to further protect our customers.

®

Sign up to our NewsletterGet IT in your inbox daily

35 Comments

More from The Register

ISP popped router ports, saving customers the trouble of making themselves hackable

SingTel then left them open for a while, because ... well there's no excuse is there?

ISP TalkTalk's Wi-Fi passwords Walk Walk thanks to Awks Awks router security hole

Brit broadband biz has only had four years to patch up WPS

VPNFilter router malware is a lot worse than everyone thought

More affected devices. More damage. And what looks like an escalation in attacks

Cash-machine-draining €1bn cybercrime kingpin suspect cuffed by plod

Bod accused of masterminding malware attacks on banks around the world

Brit police forces spend peanuts on cybercrime training

£1.3m over three years? Get with the times, plod

New Android-infecting malware brew hijacks devices. Why, you ask? Your router

1,280 Wi-Fi networks have fallen victim to the Switcher

Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch

MoneyTaker lives up to its name

High-end router flinger DrayTek admits to zero day in bunch of Vigor kit

'It may be possible for an attacker to intercept your router'

Briton admits to router hack that DDoSed Deutsche Telekom

Tells German court it was unintentional

Router admin? Bored? Let's play Battleships using BGP!

Protocol how-to turns into
EPIC AS-vs-AS SLUGOUT