Imperva Incapsula has just published new research showing that a horde of 2,398 Mirai-infected home routers across the UK are currently acting as DDoS bots. 99% of these are TalkTalk routers.
A new variant of the Mirai malware is being used to exploit a newly discovered TR-064 protocol vulnerability (which caused the mass shutdown of Deutsche Telekom routers) to hijack the routers.
The botnet devices’ geolocation is very uncommon for DDoS botnets and indicates a vulnerability in a locally distributed device, which allows for such a regional botnet to appear.
This is not only a Deutsche Telekom or TalkTalk issue. The TR-064 is commonly used by ISPs around the world and it’s very likely that millions of ISP-distributed routers are still vulnerable.
The full details are available in the blog: https://www.incapsula.com/blog/new-variant-mirai-embeds-talktalk-home-routers.html