Thousands of TalkTalk, Post Office, and KCOM broadband customers lost their internet connection this week, after the Mirai worm targeted the providers’ routers. That’s the same bug that took down Germany’s Deutsche Telekom earlier in the week, and Twitter, Spotify, Reddit, and eBay earlier in the year.
The Mirai worm is a malicious piece of software that spreads through hijacked or compromised computers, in particular those that use Linux-based operating systems. That apparently includes a few models of router, including the DSL-3780 used by TalkTalk and the Zyxel AMG1302 used by Post Office and KCOM.
Luckily, it looks like the attack has only affected broadband - users' devices seem to have been spared.
A Post Office spokesperson said: "We would like to reassure customers that no personal data or devices have been compromised. We have identified the source of the problem and implemented a resolution which is currently being rolled out to all customers."
Likewise, TalkTalk is looking into the issue. A spokesperson said: "Along with other ISPs in the UK and abroad, we are taking steps to review the potential impacts of the Mirai worm. We have deployed additional network-level controls to further protect our customers."
Estimates put the number of affected households at about 100,000 for Post Office and 10,000 for KCOM. It's likely much lower for TalkTalk, since very few customers still use the DSL-3780 model of router.
No one has taken responsibility for the spread of the worm yet, which appears to be targeted and malicious. Security experts think the hackers may be in Russia, but aren't sure whether they're just mining for data or specifically looking to shut things down.
If your TalkTalk, Post Office, or KCOM internet has been a bit dodgy lately, restart your router. This will force it to install and use software updates that beat the bug.
Even though devices haven't been reported as compromised, always keep up-to-date security software running… and maybe run a full scan today, just to be on the safe side.