Spread of new Mirai malware strain slows following Deutsche Telekom attack

A new strain of the Mirai malware responsible for infecting Deutsche Telekom's routers has spread worldwide but at a slower rate than expected.

According to the security firm Flashpoint, the latest strain of the Mirai malware responsible for infecting the routers of Germany's Deutsche Telekom has spread to devices in at least 10 other countries.

The firm has discovered that the new strain of Mirai has infected routers worldwide including those in the UK, Brazil, Iran and Thailand. It is still unknown how many devices have been infected in total, but Flashpoint estimates that five million devices could be vulnerable to the malware.

In a blog post on its site, the firm warned against how an existing botnet could grow significantly by infecting vulnerable devices through the open port 7547, saying: “Some estimates put the total number of devices with port 7547 open at around 41 million, and devices that allow non-ISPs access to provisional networks number up to five million. If even a fraction of these vulnerable devices were compromised they would add considerable power to an existing botnet.”

According to Tripwire security researcher Craig Young, the spread of the new Mirai strain appears to have slowed down following Monday's attack on Deutsche Telekom which led to a million customers losing access to the internet when the malware was used to infect their routers.

Young estimated that the new strain was attempting to infect new devices at a rate of one device every 90 seconds before the disruption. However on Tuesday, the rate had slowed to one device every six minutes, suggesting that the attackers behind the deployment of the new strain were becoming more cautious.

The attack was never meant to disrupt Deutsche Telekom's internet services but instead to infect the devices so they could be added to a botnet. Young explained why the new strain of Mirai was able to bring down the telecom's internet services, saying: “The malware may have been too demanding on the routers, and overloaded them, so they wouldn't be able to operate.”

Though the rate of infection has slowed for now, Young believes that this is not the last we will see of Mirai: “Someone will fix the bugs in the code. People will also incorporate more exploits related to routers.” 

Image Credit: Andriano.cz / Shutterstock

ABOUT THE AUTHOR

Anthony currently resides in South Korea where he teaches and experiences Korean technological advances first hand.