It has spread to more countries. Their main target now are routers. Here are some of the countries affected but not limited to: United Kingdom, Brazil, Iran, Thailand, and other countries
Malware capabilities are becoming more and more complex and the Mirai malware got its latest upgrade which has been infecting internet routers and had large success in Germany’s Deutsche Telekom. The new Mirai strain has spread to devices in at least 10 other countries, according to security firm Flashpoint. This is now spreading around the world, and as of now, it has hit the United Kingdom, Brazil, Iran, and Thailand and still growing.
The total number of infected devices has not yet been determined. But one thing is for sure: it is going to be a part of a growing botnet.
Last Monday, Deutsche Telekom reported that close to a million customers experienced internet connection problems from the new Mirai strain infecting their routers.
Deutsche Telekom has released a software update for their subscribers to stop the malware. This is not a guarantee that the malware will not be updated to something more potent.
The original version originally enslaved poorly secured IoT devices. However, this new strain is designed to infect routers manufactured by Zyxel. They targeted a known flaw with the product’s SOAP (Simple Object Access Protocol) to take them over.
Mirai was designed to form a botnet, to enslave devices like computers, IoT devices and other vulnerable gadgets. Primarily, it is aimed to to deliver denial-of-service attacks that can shut down websites. It may not be that successful every time but it could definitely disrupt and slow down internet connections of whichever is the target.
Flashpoint said it’s already found this new strain of Mirai creating a botnet to launch “small-scale” DDoS attacks on an IP address in Africa and a cloud hosting provider. The attacks, which lasted between a few minutes and to more than an hour, occurred on Monday and Tuesday.
Since the source code of Mirai has been released in the wild last September, there has been a lot of incarnations and versions. But this new one wanted to make the botnet network larger.
The spread of the new Mirai strain appears to be slowing down, according to Craig Young, a security researcher at Tripwire. On Monday, he estimated the malware was attempting to infect devices at a rate of one every 90 seconds. But as of Tuesday morning, that rate had slowed to about one every six minutes, he said.
Young said the Deutsche Telekom attack was in one sense a failure. The hackers probably never intended to disrupt Deutsche Telekom customers’ Internet connections, but simply to secretly infect their routers to grow the botnet, he said.
The way the Mirai strain took over the routers drew too much attention, provoking the German carrier to quickly issue a security patch. “The malware may have been too demanding on the routers, and overloaded them, so they wouldn’t be able to operate,” Young said.
He expects the hackers to keep upgrading Mirai. “Someone will fix the bugs in the code,” he said. “People will also incorporate more exploits related to routers.”
