Menu
Upgraded Mirai botnet disrupts Deutsche Telekom by infecting routers

Upgraded Mirai botnet disrupts Deutsche Telekom by infecting routers

Hackers have updated the Mirai malware to infect more devices, according to a security researcher

A new version of Mirai -- a malware that’s been enslaving poorly secured IoT devices -- has found a new victim: vulnerable internet routers from Germany's Deutsche Telekom.

The spread of the new strain of Mirai has caused internet connection problems for close to a million Deutsche Telekom customers, the company reported on Monday.   

Deutsche Telekom blamed the disruption on the notorious malware, which has already been found infecting more than 500,000 internet connected devices, including DVRs and surveillance cameras.

However, this new strain of Mirai has been upgraded, said Johannes Ullrich, a security researcher with the SANS Technology Institute. He's been observing the infections and said they've been specifically designed to exploit a vulnerability in internet routers from the company Zyxel.

Originally, Mirai was designed to infect devices built with weak default logins and passwords by scanning the internet for them and then trying a list of more than 60 password combinations. But this new strain also targets a flaw in the SOAP (Simple Object Access Protocol) service embedded in the Zyxel router products, allowing the malware to take over the devices, Ullrich said.

It's unclear how many devices may have been affected, but Deutsche Telekom said the disruption, which began on Sunday afternoon, caused 900,000 out of its 20 million customers to experience connection problems.

"The attack attempted to infect routers with a malware, but failed, which caused crashes or restrictions for 4 to 5 percent of all routers," the company said in an email.

However, Ullrich's findings suggest that the new strain of Mirai succeeded in ensnaring at least some devices. To track the malware’s spread, he established a web server on Monday designed to act as a honeypot that can lure in the attack.

"Once Mirai infects a system, it goes off looking for more victims," he said.  

As of Monday morning, he'd found 100,000 unique IP addresses attempting to infect his honeypot.

But the goal of Mirai isn’t simply to infect. By taking control of thousands of devices, the malware can form a botnet -- or an army of enslaved computers that can be used to launch massive distributed denial-of-service attacks.

That's what happened last month when Mirai-infected devices were used to cause internet outages for dozens of top U.S. websites. The DDoS attack worked by flooding a DNS service provider with an overwhelming amount of internet traffic.  

Ullrich said he hasn’t observed this new strain of Mirai launching any DDoS attacks. But the connection problems for the Deutsche Telekom customers were probably caused by the malware infecting the device, and then using the computing power on the router to infect other devices, he said.

Fortunately, Deutsche Telekom has issued an advisory, instructing customers how to remove the infection.

But Ullrich said the new Mirai strain has probably infected routers used by other companies or internet service providers; they just aren’t aware. He estimates 1 million to 2 million router products will be easily infected.

Zyxel didn’t immediately respond to a request for comment.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments