nanog mailing list archives
Re: Mirai botnet is back — now as "Meris"
From: Brandon Svec via NANOG <nanog () nanog org>
Date: Thu, 9 Sep 2021 09:55:47 -0700
Oof. I wonder if there is any connection to their DDNS service outage a couple days ago? https://forum.mikrotik.com/viewtopic.php?t=178256 *Brandon Svec* On Thu, Sep 9, 2021 at 2:43 AM Töma Gavrichenkov <ximaera () gmail com> wrote:
Peace, An undisclosed (or, even, yet undiscovered by the vendor) vulnerability in SOHO Mikrotik routers seems to be exploited by someone. Approx. 328 thousand devices already joined the botnet, with each having unrestricted access to the uplink (up to 1 Gbps). 42,6% of exploited devices reside in the U.S. https://blog.qrator.net/en/meris-botnet-climbing-to-the-record_142/ I didn't know Mikrotik was so popular in North America! Patching all those SOHO WiFi routers must be fun... -- Töma
Current thread:
- Mirai botnet is back — now as "Meris" Töma Gavrichenkov (Sep 09)
- Re: Mirai botnet is back — now as "Meris" Mike Hammett (Sep 09)
- Re: Mirai botnet is back — now as "Meris" Brandon Svec via NANOG (Sep 09)
- Re: Mirai botnet is back — now as "Meris" Töma Gavrichenkov (Sep 09)
- Re: Mirai botnet is back — now as "Meris" Mel Beckman (Sep 09)
- Re: Mirai botnet is back — now as "Meris" Töma Gavrichenkov (Sep 09)