Mirai variant turns TalkTalk routers into zombie botnet agents

Infosec folk spot web of compromised British devices

By John Leyden

Posted in Security, 8th December 2016 13:03 GMT

Hundreds of Mirai-infected home routers across the UK are currently acting as DDoS bots.

The vast majority (99 per cent) of these 2,398 Mirai-infected devices are TalkTalk routers, according to security researchers at DDoS mitigation firm Imperva Incapsula.

“The botnet devices’ geolocation is very uncommon for DDoS botnets and indicates a vulnerability in a locally distributed device, which allows for such a regional botnet to appear,” Imperva Incapsula warns.

“Without full access to the infected routers, it’s difficult to know with certainty whether the malware used to execute this attack was the same Mirai variant used against Deutsche Telekom or the one encountered by the BadCyber researchers.”

More details on the problem can be found in a blog post by Imperva Incapsula here.

In response, TalkTalk said the situation was in hand:

Along with other ISPs in the UK and abroad, we continue to take steps to review the potential impacts of the Mirai worm. A small number of customer routers are affected by this issue. We have made good progress repairing these, and replacing them when necessary, and we continue to deploy additional network-level controls to further protect our customers.

®

Sign up to our NewsletterGet IT in your inbox daily

35 Comments

More from The Register

Cash-machine-draining €1bn cybercrime kingpin suspect cuffed by plod

Bod accused of masterminding malware attacks on banks around the world

Brit police forces spend peanuts on cybercrime training

£1.3m over three years? Get with the times, plod

New Android-infecting malware brew hijacks devices. Why, you ask? Your router

1,280 Wi-Fi networks have fallen victim to the Switcher

Briton admits to router hack that DDoSed Deutsche Telekom

Tells German court it was unintentional

What most people think it looks like when you change router's admin password, apparently

Whopping 82% have never changed theirs – survey

Slingshot malware uses cunning plan to find a route to sysadmins

Advanced router code has been in circulation for six years

True Telecom busted by Ofcom for 'slamming', misselling and more

Must cough £300k soon after £87k ICO slapdown

EE unveils shoebox-sized router to boost Brit bumpkin broadband

Speeds of 100Mbps to reach rural areas – for a fee

Router ravaging, crippling code, and why not to p*ss off IT staff

Roundup The wacky week in security

Cisco can now sniff out malware inside encrypted traffic

This is Switchzilla’s kit-plus-cloud plan in action