Confirmed: Mirai botnet attacks and temporarily incapacitates nearly million home routers

Last month, Mirai botnet demonstrated its power by knocking numerous leading Internet websites offline, and on 27th November, 2016 another attack was carried out. Deutsche Telekom, which has over 20 million clients, has announced about an attack that affected around 900 000 clients in Germany and knocked out their routers, making them experience Internet connection problems. This information is officially confirmed by Federal Office for Information Security. It appears that victims of the attack could not get access to telephone, television, and Internet service for over two hours because the Mirai botnet managed to exploit security vulnerabilities in broadband Internet routers made by Zyxel company, which Deutsche Telekom clients use. Unlike previous Mirai attacks, which were planned to take control over devices that had easy-to-guess login details, this attack targets a security vulnerability in Simple Object Access Protocol (SOAP) service incorporated in Zyxel routers.

Apparently, that attack wasn’t so successful, despite the massive number of devices it affected. It appears that the initial aim of the attack was not only to cut the access to the Internet to almost 1 million users but also turn their devices into bots and use them as slaves to carry out further Distributed Denial of Service attacks (DDoS). However, such attempts to compromise devices failed, which caused crashes and restrictions to a small percent of clients’ routers. Deutsche Telekom has addressed the issue by releasing a software update and currently it is applying new solutions in the network. Victims and those who haven’t been affected by an attack are advised to unplug the router from for about 30 seconds and then reboot the device. Since Mirai virus gets into device’s dynamic memory, rebooting the device clears the virus from it. Currently, the bigger part of Deutsche Telekom clients can use services without confinements and only some users notice some negligible issues regarding Internet connection, and some clients cannot use the Internet connection any more. According to the German company, such issue can be a consequence of a targeted attack by external parties.

We can expect nothing less but more similar attacks since one hacker published the source code of Mirai Trojan on one hacking-themed online forum. The malware is designed to find unprotected smart devices in homes and make them part of Mirai’s botnet, which is used to implement DDoS attacks. Since the virus’s source code is freely available to every hacker now, it is apparent that more similar attacks are to be carried out in the future. Therefore, users must take preventive measures and protect their routers from malware attacks. To start with, users of old routers should replace them with new ones, change their default passwords with strong ones, and disable remote management via router’s settings.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions