mirai botnet affecting my r7000

3 posts / 0 new
Last post
stuccoman
stuccoman's picture
mirai botnet affecting my r7000

I got an aotomated call yesterday from my internet provider stating I had a security issue with a device attached to my wireless home network.

I called them today and they say it is a virus called mirai botnet

I was told to have it removed by tomorrow or they may be forced to shut down my internet.

From what I have read it is possible for the R7000 to get infected with this. I am not sure if it is just the factory firmware that is vulnerable or if Tomato is also.

I am running the newest Tomato firmware. Is there any chance that my router is infected? I find it really hard to find any real information using google to try and narrow down what device actually has it installed.

Many thanks in advance

Geoff

 

Bevy_A
Bevy_A's picture
Mirai typically infects

Mirai typically infects unsecured IoT devices (such as webcams or other small devices that communicate wirelessly) that are using default passwords and login names. Although the code can be edited to target routers as well, this hopefully isn't the case for you. If you have implemented any security on your router at all, such as changing the admin password to log in to the interface, it is probably not the culprit. Instead I would look at the other devices attached to your network. Even small things you don't use much as these would be much more likely to be unsecured. From reading a little about it, once you reboot the infected device it is no longer infected. Unforunately it will be reinfected very quickly if you don't change the default login information. 

In short just reboot any and all devices in your LAN and make sure that each one is changed from the default login information and you should be okay. Hope this helps. A quick google search for "Mirai botnet" will yeild any further information you need or confirmation of what I've said. 

stuccoman
stuccoman's picture
Thank you 

Thank you