Menu
Upgraded Mirai botnet disrupts Deutsche Telekom by infecting routers

Upgraded Mirai botnet disrupts Deutsche Telekom by infecting routers

Hackers have updated the Mirai malware to infect more devices, according to a security researcher

A new version of Mirai -- a malware that’s been enslaving poorly secured IoT devices -- has found a new victim: vulnerable internet routers from Germany's Deutsche Telekom.

The spread of the new strain of Mirai has caused internet connection problems for close to a million Deutsche Telekom customers, the company reported on Monday.   

Deutsche Telekom blamed the disruption on the notorious malware, which has already been found infecting more than 500,000 internet connected devices, including DVRs and surveillance cameras.

However, this new strain of Mirai has been upgraded, said Johannes Ullrich, a security researcher with the SANS Technology Institute. He's been observing the infections and said they've been specifically designed to exploit a vulnerability in internet routers from the company Zyxel.

Originally, Mirai was designed to infect devices built with weak default logins and passwords by scanning the internet for them and then trying a list of more than 60 password combinations. But this new strain also targets a flaw in the SOAP (Simple Object Access Protocol) service embedded in the Zyxel router products, allowing the malware to take over the devices, Ullrich said.

It's unclear how many devices may have been affected, but Deutsche Telekom said the disruption, which began on Sunday afternoon, caused 900,000 out of its 20 million customers to experience connection problems.

"The attack attempted to infect routers with a malware, but failed, which caused crashes or restrictions for 4 to 5 percent of all routers," the company said in an email.

However, Ullrich's findings suggest that the new strain of Mirai succeeded in ensnaring at least some devices. To track the malware’s spread, he established a web server on Monday designed to act as a honeypot that can lure in the attack.

"Once Mirai infects a system, it goes off looking for more victims," he said.  

As of Monday morning, he'd found 100,000 unique IP addresses attempting to infect his honeypot.

But the goal of Mirai isn’t simply to infect. By taking control of thousands of devices, the malware can form a botnet -- or an army of enslaved computers that can be used to launch massive distributed denial-of-service attacks.

That's what happened last month when Mirai-infected devices were used to cause internet outages for dozens of top U.S. websites. The DDoS attack worked by flooding a DNS service provider with an overwhelming amount of internet traffic.  

Ullrich said he hasn’t observed this new strain of Mirai launching any DDoS attacks. But the connection problems for the Deutsche Telekom customers were probably caused by the malware infecting the device, and then using the computing power on the router to infect other devices, he said.

Fortunately, Deutsche Telekom has issued an advisory, instructing customers how to remove the infection.

But Ullrich said the new Mirai strain has probably infected routers used by other companies or internet service providers; they just aren’t aware. He estimates 1 million to 2 million router products will be easily infected.

Zyxel didn’t immediately respond to a request for comment.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Brand Post

What to expect from your IT Distributor

Whether you’re just starting out or you’ve been around since before the dot com rollercoaster, choosing the right distribution partner can be a pivotal factor in your success. This definitive guide outlines the traits that every IT partner needs to look for in their IT Distributor.

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments