Mirai botnet attacks 900,000 German broadband routers

By

Malware attempts to infect routers via remote management feature.

Hundreds of thousands of Deutsche Telekom broadband customers in Germany have been attacked by the Mirai malware, crashing their routers and degrading internet connections.

Mirai botnet attacks 900,000 German broadband routers

The telco said as many as 900,000, or about 4.5 percent of its 20 million fixed-line customers, began to have problems connecting to its network on Sunday afternoon.

The outages affected certain models of customer broadband DSL and fibre routers, but not the network itself, the company said. 

"The attack attempted to infect routers with a malware but failed which caused crashes or restrictions for four to five percent of all routers," Deutsche Telekom said.

An automatic software update for the affected routers is being rolled out. Deutsche Telekom said the malware did not survive a reboot.

The telco today said its security measures appeared to be taking effect, with the number of customers affected declining to around 400,000 by 1200 GMT.

"There is a clear improvement in the current situation," a spokesman said.

Kaspersky researcher Stefan Ortloff gathered technical details from affected users as well as samples of the malware which he said was a variant of the Mirai botnet.

Analysing the malware-generated network traffic, Ortloff discovered it was directed at transmission control protocol (TCP) port 7547 on the routers.

That port is used for the TR-064 protocol that internet providers and telcos connect to over their networks to configure customer DSL routers remotely. Mirai attempted to infect broadband routers via the TR-064 port, Ortloff said.

Ortloff found that the command and control server domains for the attack were pointed to United States military networks in the 6.0.0.0/8 IP address range.

There is, however, no Mirai-related infrastructure on that network, Ortloff added, meaning any remaining bots will not receive further commands until the attackers change the domain name system records for the malware configuration.

The affected routers are three Speedport models, Deutsche Telekom said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
botnetbroadbandmalwaremiraisecuritytelekom

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?