US ISP Goes Down As Two Malware Families Go To War Over Its Modems (bleepingcomputer.com)
An anonymous reader writes from a report via Bleeping Computer: Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month, on April 10. The attack, which the company claimed was a "malicious hacking event," was the work of BrickerBot, an IoT malware family that bricks unsecured IoT and networking devices. "BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told Bleeping Computer in an email, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity." The crook, going by Janit0r, tried to pin some of the blame on Mirai, but all the clues point to BrickerBot, as Sierra Tel had to replace bricked modems altogether, or ask customers to bring in their modems at their offices to have them reset and reinstalled. Mirai brought down over 900,000 Deutsche Telekom modems last year, but that outage was fixed within hours with a firmware update. All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.
Companies rent you hardware, and they give no thought to upgrades. Not only ISPs, but cable boxes and other such devices. As long as it works when installed, that's good enough. To be properly secure, you need to keep up with security updates.
Bricked means the device is unsalvageable (by the end user). You can typically salvage such devices by returning them to the manufacturer and having them JTAG the device to replace the firmware. Most cable/DSL modems can be updated via TFTP, but only if the device hasn't been wrecked beyond recovery.
For example, any wireless router/modem can be destroyed permanently by setting the radios to maximum power and then connecting to each other so that they generate excessive amounts of EM radiation and eventually it will melt the amplifiers on at least one of the radios. It's like going from sitting inside a jet to sitting in front of the jet engine.
DOCSIS cable modems can also destroy an entire neighborhood: trash the firmware in the right way and the cable modem will scream over the RF line and take out everyone's modems. Not too different from how old pre-DOCSIS modems would drown out a neighborhood every time someone loaded up WinMX or Kazaa.
For those not in the know, this company is the heir to Sierra On-Line/Sierra Entertainment/Yosemite Entertainment in Oakhurst, CA. They created King's Quest, Space Quest, Police Quest, Leisure Suit Larry, et al. After the studio joined Codemasters they remained in Oakhurst until at some point it became an ISP. I'm not sure if any of the original folk are still there.
Relevant Wikipedia Entry
(The Sierra name lives on as a trademark of Activision, but in name only. The hallowed halls of that great studio are now an ISP.)