Home
 » ISP News » 
Sponsored

UPDATE KCOM’s Broadband ISP Routers Infected by the Mirai Worm

Thursday, December 1st, 2016 (10:31 am) - Score 4,371
kcom_office_building

Earlier this week we reported on how routers supplied by the Post Office, TalkTalk and others were potentially vulnerable to a modified piece of malicious software called Mirai (here), which hijacks the device. Today we learn that around 1,000 customers of KCOM’s service in Hull have also been hit.

Huge numbers of broadband subscribers across Europe have already suffered from the malware, which exploits some recently discovered weaknesses in the popular TR-069 (remote management) and related TR-064 (LAN-Side DSL CPE Configuration) protocols and implementation by ISPs.

So far various routers, such as those manufactured by T-Com/T-home, D-Link, ZyXEL, MitraStar, Digicom and Aztech, have been hit and more may follow. For example, ZyXEL’s AMG1302 (T11B and T10B) series is open to the exploit (unless the very latest firmware is applied) and this router is supplied by the Post Office. Sadly that same model is also used by some of KCOM’s broadband customers.

A Spokesman for KCOM said (here):

“We have now identified that the root cause of the problem was a cyber attack that targets a vulnerability in certain broadband routers, causing them to crash and disconnect from the network. The only affected router we have supplied to customers is the ZyXel AMG1302-T10B.

The vast majority of our customers are now able to connect to and use their broadband service as usual. Our core network was not affected at any time, and we have put in place measures to block future attacks from impacting our customers’ routers and their ability to access the internet.”

Once again we are advising all broadband ISPs that offer a router to their subscribers to check and ensure that the device is not vulnerable. Meanwhile anybody worried about the threat should read our article from Tuesday, which offers some further detail and advice.

UPDATE 5th Dec 2016

KCOM has issued the following update this morning.

KCOM Statement

From this morning, we are rolling out an automated upgrade for Zyxel AMG 1302-T10B routers which is designed to remove any service issues and remove the vulnerability that the cyber-attack exploited last week. In order to find the solution, we have been liaising with other broadband providers affected by the cyber-attack.

It is very important for all users of this router (whether you are experiencing any issues or not) to follow the simple steps below to upgrade router settings.

1. Unplug your router from the electrical socket and leave it off at least 30 seconds

2. Switch the power back on and leave your router for at least 15 minutes while the settings update automatically. The lights on the router will flash intermittently during this time. It is very important that you do not try to access the internet during this phase. This will allow your router to process the upgrade and come back online.

We expect this to clear any issues you have accessing the internet and it will also remove the vulnerability for all customers using this device.

Leave a Comment
2 Responses
  1. Avatar mark

    why was I told that they are pining these routers continuesly and they cannot block the attacks and the only way to stop the said router being reinfected is to update the firmware the version 2.00 15 as of 30th November released by zyxel ..

  2. Avatar Alex

    Pretty sure the technicolor routers are affected as well – perform nmap online on your IP address you will find an open http port even though remote assistance is set to off

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £16.80 (*22.00)
    Avg. Speed 50Mbps, Unlimited
    Gift: None
  • Post Office £20.90 (*37.00)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • TalkTalk £21.95 (*36.00)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • SSE £22.00
    Avg. Speed 35Mbps, Unlimited (FUP)
    Gift: None
  • xln telecom £22.74 (*47.94)
    Avg. Speed 66Mbps, Unlimited (FUP)
    Gift: None
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2589)
  2. FTTP (2365)
  3. FTTC (1701)
  4. Building Digital UK (1645)
  5. Politics (1490)
  6. Openreach (1468)
  7. Business (1288)
  8. FTTH (1170)
  9. Statistics (1132)
  10. Mobile Broadband (1087)
  11. Fibre Optic (994)
  12. Ofcom Regulation (950)
  13. Wireless Internet (947)
  14. 4G (942)
  15. Virgin Media (893)
  16. EE (618)
  17. Sky Broadband (617)
  18. TalkTalk (597)
  19. Vodafone (559)
  20. 3G (424)
New Forum Topics
»
Latency with IDNet
Author: BigAlbert
»
Zen latency
Author: BigAlbert
»
Online gaming / ping
Author: BigAlbert
»
»
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact