{"id":13038,"date":"2016-12-01T10:31:37","date_gmt":"2016-12-01T10:31:37","guid":{"rendered":"http:\/\/www.ispreview.co.uk\/?p=13038"},"modified":"2016-12-05T11:37:44","modified_gmt":"2016-12-05T11:37:44","slug":"kcoms-broadband-routers-latest-infected-mirai-worm","status":"publish","type":"post","link":"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html","title":{"rendered":"UPDATE KCOM’s Broadband ISP Routers Infected by the Mirai Worm"},"content":{"rendered":"

Earlier this week we reported on how routers supplied by the Post Office, TalkTalk<\/a> and others were potentially vulnerable to a modified piece of malicious software called Mirai (here<\/a>), which hijacks the device. Today we learn that around 1,000 customers of KCOM<\/a>’s service in Hull have also been hit.<\/p>\n

<\/p>\n

Huge numbers of broadband subscribers across Europe have already suffered from the malware, which exploits some recently discovered weaknesses in the popular TR-069<\/strong> (remote management) and related TR-064<\/strong> (LAN-Side DSL<\/a> CPE Configuration) protocols and implementation by ISPs.<\/p>\n

So far various routers, such as those manufactured by T-Com\/T-home, D-Link, ZyXEL, MitraStar, Digicom and Aztech, have been hit and more may follow. For example, ZyXEL’s AMG1302<\/strong> (T11B and T10B) series is open to the exploit (unless the very latest firmware is applied) and this router is supplied by the Post Office. Sadly that same model is also used by some of KCOM<\/a>’s broadband customers.<\/p>\n

A Spokesman for KCOM<\/a> said (here<\/a>):<\/strong><\/p>\n

“We have now identified that the root cause of the problem was a cyber attack that targets a vulnerability in certain broadband routers, causing them to crash and disconnect from the network. The only affected router we have supplied to customers is the ZyXel AMG1302-T10B.<\/p>\n

The vast majority of our customers are now able to connect to and use their broadband service as usual. Our core network was not affected at any time, and we have put in place measures to block future attacks from impacting our customers’ routers and their ability to access the internet.”<\/p><\/blockquote>\n

Once again we are advising all broadband ISPs that offer a router to their subscribers to check and ensure that the device is not vulnerable. Meanwhile anybody worried about the threat should read our article from Tuesday, which offers some further detail and advice.<\/p>\n

UPDATE 5th Dec 2016<\/strong><\/p>\n

KCOM has issued the following update this morning.<\/p>\n

KCOM Statement<\/strong><\/p>\n

From this morning, we are rolling out an automated upgrade for Zyxel AMG 1302-T10B routers which is designed to remove any service issues and remove the vulnerability that the cyber-attack exploited last week. In order to find the solution, we have been liaising with other broadband providers affected by the cyber-attack.<\/p>\n

It is very important for all users of this router (whether you are experiencing any issues or not) to follow the simple steps below to upgrade router settings.<\/p>\n

1. Unplug your router from the electrical socket and leave it off at least 30 seconds<\/p>\n

2. Switch the power back on and leave your router for at least 15 minutes while the settings update automatically. The lights on the router will flash intermittently during this time. It is very important that you do not try to access the internet during this phase. This will allow your router to process the upgrade and come back online.<\/p>\n

We expect this to clear any issues you have accessing the internet and it will also remove the vulnerability for all customers using this device.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

Earlier this week we reported on how routers supplied by the Post Office, TalkTalk and others were potentially vulnerable to a modified piece of malicious software called Mirai (here), which hijacks the device. Today we learn that around 1,000 customers of KCOM’s service in Hull have also been hit.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[1],"tags":[76,479],"class_list":["post-13038","post","type-post","status-publish","format-standard","hentry","category-uk_isp_news","tag-kc","tag-security"],"share_on_mastodon":{"url":"","error":""},"yoast_head":"\nUPDATE KCOM's Broadband ISP Routers Infected by the Mirai Worm - ISPreview UK<\/title>\n<meta name=\"description\" content=\"Earlier this week we reported on how routers supplied by the Post Office, TalkTalk and others were potentially vulnerable to a modified piece of malicious\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"UPDATE KCOM's Broadband ISP Routers Infected by the Mirai Worm - ISPreview UK\" \/>\n<meta property=\"og:description\" content=\"Earlier this week we reported on how routers supplied by the Post Office, TalkTalk and others were potentially vulnerable to a modified piece of malicious\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html\" \/>\n<meta property=\"og:site_name\" content=\"ISPreview UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ispreview\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/ispreview\" \/>\n<meta property=\"article:published_time\" content=\"2016-12-01T10:31:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-12-05T11:37:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2020\/07\/ispreview_uk_logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mark Jackson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ispreview\" \/>\n<meta name=\"twitter:site\" content=\"@ispreview\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Jackson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2016\\\/12\\\/kcoms-broadband-routers-latest-infected-mirai-worm.html#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2016\\\/12\\\/kcoms-broadband-routers-latest-infected-mirai-worm.html\"},\"author\":{\"name\":\"Mark Jackson\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/person\\\/de66a8b4e937c21c80e443d1bf9c35d5\"},\"headline\":\"UPDATE KCOM’s Broadband ISP Routers Infected by the Mirai Worm\",\"datePublished\":\"2016-12-01T10:31:37+00:00\",\"dateModified\":\"2016-12-05T11:37:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2016\\\/12\\\/kcoms-broadband-routers-latest-infected-mirai-worm.html\"},\"wordCount\":505,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#organization\"},\"keywords\":[\"KCOM\",\"Security\"],\"articleSection\":[\"ISP News\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2016\\\/12\\\/kcoms-broadband-routers-latest-infected-mirai-worm.html#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2016\\\/12\\\/kcoms-broadband-routers-latest-infected-mirai-worm.html\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2016\\\/12\\\/kcoms-broadband-routers-latest-infected-mirai-worm.html\",\"name\":\"UPDATE KCOM's Broadband ISP Routers Infected by the Mirai Worm - ISPreview UK\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#website\"},\"datePublished\":\"2016-12-01T10:31:37+00:00\",\"dateModified\":\"2016-12-05T11:37:44+00:00\",\"description\":\"Earlier this week we reported on how routers supplied by the Post Office, TalkTalk and others were potentially vulnerable to a modified piece of malicious\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2016\\\/12\\\/kcoms-broadband-routers-latest-infected-mirai-worm.html#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2016\\\/12\\\/kcoms-broadband-routers-latest-infected-mirai-worm.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2016\\\/12\\\/kcoms-broadband-routers-latest-infected-mirai-worm.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.ispreview.co.uk\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"UPDATE KCOM’s Broadband ISP Routers Infected by the Mirai Worm\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#website\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/\",\"name\":\"ISPreview UK\",\"description\":\"Top Broadband ISP and Mobile Provider Information Site\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.ispreview.co.uk\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#organization\",\"name\":\"ISPreview.co.uk\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/ispreview_uk_logo.jpg\",\"contentUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/ispreview_uk_logo.jpg\",\"width\":1000,\"height\":1000,\"caption\":\"ISPreview.co.uk\"},\"image\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/ispreview\",\"https:\\\/\\\/x.com\\\/ispreview\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/mjack\\\/\",\"https:\\\/\\\/bsky.app\\\/profile\\\/ispreview.bsky.social\",\"https:\\\/\\\/mastodon.social\\\/@ispreview\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/person\\\/de66a8b4e937c21c80e443d1bf9c35d5\",\"name\":\"Mark Jackson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/nggallery_import\\\/Mark-Jackson-96x96.jpg\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/nggallery_import\\\/Mark-Jackson-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/nggallery_import\\\/Mark-Jackson-96x96.jpg\",\"caption\":\"Mark Jackson\"},\"description\":\"By Mark Jackson Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.\",\"sameAs\":[\"http:\\\/\\\/www.ispreview.co.uk\",\"https:\\\/\\\/www.facebook.com\\\/ispreview\",\"https:\\\/\\\/x.com\\\/ispreview\"],\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/author\\\/markj\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"UPDATE KCOM's Broadband ISP Routers Infected by the Mirai Worm - ISPreview UK","description":"Earlier this week we reported on how routers supplied by the Post Office, TalkTalk and others were potentially vulnerable to a modified piece of malicious","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html","og_locale":"en_GB","og_type":"article","og_title":"UPDATE KCOM's Broadband ISP Routers Infected by the Mirai Worm - ISPreview UK","og_description":"Earlier this week we reported on how routers supplied by the Post Office, TalkTalk and others were potentially vulnerable to a modified piece of malicious","og_url":"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html","og_site_name":"ISPreview UK","article_publisher":"https:\/\/www.facebook.com\/ispreview","article_author":"https:\/\/www.facebook.com\/ispreview","article_published_time":"2016-12-01T10:31:37+00:00","article_modified_time":"2016-12-05T11:37:44+00:00","og_image":[{"width":1000,"height":1000,"url":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2020\/07\/ispreview_uk_logo.jpg","type":"image\/jpeg"}],"author":"Mark Jackson","twitter_card":"summary_large_image","twitter_creator":"@ispreview","twitter_site":"@ispreview","twitter_misc":{"Written by":"Mark Jackson","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html#article","isPartOf":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html"},"author":{"name":"Mark Jackson","@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/person\/de66a8b4e937c21c80e443d1bf9c35d5"},"headline":"UPDATE KCOM’s Broadband ISP Routers Infected by the Mirai Worm","datePublished":"2016-12-01T10:31:37+00:00","dateModified":"2016-12-05T11:37:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html"},"wordCount":505,"commentCount":2,"publisher":{"@id":"https:\/\/www.ispreview.co.uk\/#organization"},"keywords":["KCOM","Security"],"articleSection":["ISP News"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html","url":"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html","name":"UPDATE KCOM's Broadband ISP Routers Infected by the Mirai Worm - ISPreview UK","isPartOf":{"@id":"https:\/\/www.ispreview.co.uk\/#website"},"datePublished":"2016-12-01T10:31:37+00:00","dateModified":"2016-12-05T11:37:44+00:00","description":"Earlier this week we reported on how routers supplied by the Post Office, TalkTalk and others were potentially vulnerable to a modified piece of malicious","breadcrumb":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.ispreview.co.uk\/index.php\/2016\/12\/kcoms-broadband-routers-latest-infected-mirai-worm.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ispreview.co.uk\/"},{"@type":"ListItem","position":2,"name":"UPDATE KCOM’s Broadband ISP Routers Infected by the Mirai Worm"}]},{"@type":"WebSite","@id":"https:\/\/www.ispreview.co.uk\/#website","url":"https:\/\/www.ispreview.co.uk\/","name":"ISPreview UK","description":"Top Broadband ISP and Mobile Provider Information Site","publisher":{"@id":"https:\/\/www.ispreview.co.uk\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ispreview.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.ispreview.co.uk\/#organization","name":"ISPreview.co.uk","url":"https:\/\/www.ispreview.co.uk\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/logo\/image\/","url":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2020\/07\/ispreview_uk_logo.jpg","contentUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2020\/07\/ispreview_uk_logo.jpg","width":1000,"height":1000,"caption":"ISPreview.co.uk"},"image":{"@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ispreview","https:\/\/x.com\/ispreview","https:\/\/www.linkedin.com\/in\/mjack\/","https:\/\/bsky.app\/profile\/ispreview.bsky.social","https:\/\/mastodon.social\/@ispreview"]},{"@type":"Person","@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/person\/de66a8b4e937c21c80e443d1bf9c35d5","name":"Mark Jackson","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2023\/01\/nggallery_import\/Mark-Jackson-96x96.jpg","url":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2023\/01\/nggallery_import\/Mark-Jackson-96x96.jpg","contentUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2023\/01\/nggallery_import\/Mark-Jackson-96x96.jpg","caption":"Mark Jackson"},"description":"By Mark Jackson Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.","sameAs":["http:\/\/www.ispreview.co.uk","https:\/\/www.facebook.com\/ispreview","https:\/\/x.com\/ispreview"],"url":"https:\/\/www.ispreview.co.uk\/index.php\/author\/markj"}]}},"_links":{"self":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/13038","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=13038"}],"version-history":[{"count":0,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/13038\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=13038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=13038"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=13038"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}