Mirai Infection

Step by Step Guide to Clear the Mirai BOTNET.


If you are receiving this notice, there is a high chance that one or more of the devices on your home, office, or business network are infected with the Mirai BOTNET. In effect, this means that someone has criminally loaded a program on your device without your permission with the intention to break the law.

What is “Infected” by the Mirai Malware? What does it do?
Mirai is malware that gets installed on devices inside the home that aren’t necessarily your computer. These devices can be video cameras, printers, DVD players, TVs, and other devices connected to your home or business network.
When a device is infected with the Mirai malware, it’s controlled by “threat actors” to build a BOTNET. These Mirai BOTNETs are then used to attack other networks with denial of service attacks, which overload another site until it crashes. These criminals are using your devices to attack others.

Step by Step Guide to Fix Mirai
We don’t like knowing that someone else has control of your property, so we strongly recommend that you take the following actions:

1. Connect to the Device’s Admin Screen. Make sure you can connect to the administration screen of your device. If you do not know how to connect, do a quick search online for the manual and instructions to connect to the device’s admin screen.
2. Disconnect the devices from the network. It is safer to reset/reboot the device while disconnected from the Internet. This allows you to change the admin password without getting re-infected.
3. Factory Reset and Reboot the device. The Mirai Malware is installed in dynamic memory. Rebooting the device will clear out the bad software. It is strongly recommended to do a full “factory reset.”
4. Change the admin password! The criminals are breaking into your device by using the device’s default password. Changing the password to one that only you know will help keep the criminals from breaking into your device.
5. Upgrade the Software and Firmware. Once the device's admin password has been changed, it is time to upgrade the software and firmware. We recommend selecting “automatic upgrades.” This will keep the device up to date with the latest software.
6. IoT vendors are releasing advisories about their products. Contact your device vendor.

Next Steps?
There will always be someone trying to break into your computer, devices, accounts, and network. Here are common sense habits that will make it much harder for any cybercriminal to succeed.

Home Networks
Change all “default” passwords. Many IoT devices, home appliances, home routers, and other items that “plug into” your network will have default passwords set by the factory. Change these passwords to something only you would know, and remember to switch them up.

Patch your software often. The vendors for your devices will often provide software patches for security vulnerabilities. Make it a habit to check for new software. Vendors who make software upgrades easy should be preferred.

Disable Universal Plug and Play (UPnP) on your Home Router. UPnP is a protocol to make it easy for devices inside your network to “open a port” to allow outside computers to communicate into your network. In essence, UPnP opens a hole in your security. Turning off UPnP adds to the security of your network.

Don’t allow remote management of your home/business router over the Internet. Many home and small business routers allow for “remote management”. There are too many security challenges for most people to safely manage the device from the Internet, and enabling this feature often opens a remote web interface that can then be scanned and attacked. It’s always safer to manage the home/business router from inside the network. If it is absolutely necessary to reach your device from a remote location, consider setting up a rule in your firewall to only allow access from that location (IP address) rather than the entire Internet.
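
The firewall rule suggested above, as an added example that is not part of the original notice. It assumes a Linux-based router or firewall that uses iptables; the helper names are hypothetical, and the interface eth0, the address 203.0.113.10 and the port 8443 are constructed sample values.

```shell
#!/bin/sh
# Added example, not part of the original notice. Prints (does not apply)
# iptables rules limiting remote management to one trusted address.
# Assumption: a Linux-based router or firewall that uses iptables.

# Succeeds only for one dotted-quad IPv4 address; rejects hostnames and
# ranges such as 0.0.0.0/0, which would reopen the port to the Internet.
is_single_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# mgmt_rules <wan_interface> <trusted_ip> <tcp_port>
# The rules match only traffic arriving on the Internet-facing interface, so
# management from inside the network keeps working. ACCEPT must come before
# DROP because iptables stops at the first matching rule.
mgmt_rules() {
    wan_if=$1 trusted=$2 port=$3
    case $wan_if in
        ''|-*|*[!A-Za-z0-9._-]*) echo "error: bad interface '$wan_if'" >&2; return 1 ;;
    esac
    if ! is_single_ipv4 "$trusted"; then
        echo "error: '$trusted' is not a single IPv4 address" >&2; return 1
    fi
    case $port in
        ''|*[!0-9]*|0*|??????*) echo "error: bad port '$port'" >&2; return 1 ;;
    esac
    [ "$port" -le 65535 ] || { echo "error: bad port '$port'" >&2; return 1; }
    echo "iptables -A INPUT -i $wan_if -p tcp --dport $port -s $trusted -j ACCEPT"
    echo "iptables -A INPUT -i $wan_if -p tcp --dport $port -j DROP"
}

# Constructed sample values: eth0 as the WAN interface, 203.0.113.10 (a
# documentation address) as the trusted location, 8443 as the management port.
mgmt_rules eth0 203.0.113.10 8443
```

Review the printed rules before running them as root. Because they are appended, they only take effect if no earlier rule in the chain already accepts traffic to that port.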

More information about Mirai: https://www.us-cert.gov/ncas/alerts/TA16-288A

If you have any further questions, we will be happy to assist you. Please feel free to contact us on aup@virginmedia.ie