The situation with British ISP TalkTalk has become even worse as a variant of the Mirai worm has allowed hackers to create a large botnet from its subscribers’ routers and the ISP’s response has been insufficient.
A research team at Imperva Incapsula has found that the a variant of the Mirai worm, which it calls TR-06FAIL, is being used to run a large botnet. This variant not only attacks vulnerable routers, but it is also capable of modifying the device’s firmware so that it can run malware. Once this is done, the hackers in control of the botnet can steal whatever information they want from the affected user’s network as well as launch a DDoS attack in conjunction with the other infected routers in the botnet.
Computer security experts have suggested replacing all the affected routers, or in the very least, modifying their firmware to remove all the known vulnerabilities and have the users change their passwords. TalkTalk has downplayed the problem and issued the following response:
“As is widely known, the Mirai worm is an industry issue impacting many ISPs around the world, and a small number of TalkTalk customers have been affected.
“We can reassure these customers there is no risk to their personal information as a result of this router issue and there is no need for them to reset their wi-fi password.
“However, any customer with concerns can find out how to change their wi-fi password on our website or in their initial router set up guide. We have made good progress in repairing affected routers, but any customer who is still having any problems should visit our help site where they can find a guide that will show them how to reset their router.
“Alternatively, they can call us and we can talk them through the repair process or send them a new router.”
Unfortunately, this advice, which is perhaps good for TalkTalk’s bottom line, puts their subscribers who are affected in a dangerous situation.
As more and more ISPs get hit with this type of problem, we hope that they’ll learn to deal with it with more integrity than we’ve seen here.