Mirai is Linux-based malware that targets devices connected to the Internet ('Internet of Things' or 'IoT' devices), such as home routers, IP cameras and video recorders. The attack was launched by infecting vulnerable IoT devices such as routers and IP cameras with Mirai malware, which then formed a botnet. These devices are vulnerable because many of them are not patched and have only weak access credentials, i.e. many of them use a known default user name and password.
 
Contact an IT expert if you need help performing these actions. 

How to recover?

Mirai malware is only "memory-resident" (volatile). You can remove the Mirai malware by simply rebooting the infected device. However, the device can be scanned and reinfected via the network. Therefore, the following effective approach is suggested:
  1. If you suspect your device is infected, immediately disconnect it from the network and turn it off for a while.
  2. Check whether your home router or firewall opens TCP port 23 from the device to the internet. If so, close this port.
  3. Restart the infected device.
  4. Restore the infected device to its factory settings (factory reset).
  5. Change the default password of the devices (via the admin user interface) to a strong password.
  6. Keep the Telnet service and TCP port 23 of the device closed. If access from the Internet to the device is required, use SSH or a VPN service and apply a strong password and authentication.
Note: Refer to the device manual or contact the device manufacturer if necessary.
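
One way to verify step 6 from inside your own network, as an added example that is not part of the original advisory: the script connects to TCP port 23 on each device you list and reports whether Telnet still answers. The function names and the device addresses are assumptions made for illustration.

```python
import socket

TELNET_PORT = 23   # the port the advisory says to keep closed
IAC = 0xFF         # first byte of Telnet option negotiation (RFC 854)


def check_telnet(host, port=TELNET_PORT, timeout=3.0):
    """Probe one TCP port on a device you own.

    Returns (state, looks_like_telnet). state is "open", "closed"
    (connection refused) or "filtered" (no answer: firewall drop,
    device switched off or unreachable).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", False
    except OSError:            # timeouts and unreachable hosts land here
        return "filtered", False
    with sock:
        try:
            first = sock.recv(16)   # Telnet servers usually speak first
        except OSError:
            first = b""
    return "open", bool(first) and first[0] == IAC


def audit(devices, timeout=3.0):
    """Map each device name to its check_telnet() result."""
    return {name: check_telnet(host, timeout=timeout)
            for name, host in devices.items()}


def needs_action(findings):
    """Names of devices whose Telnet port still accepts connections."""
    return sorted(n for n, (state, _) in findings.items() if state == "open")


if __name__ == "__main__":
    # Constructed inventory: replace with the addresses of your own devices.
    devices = {"ip-camera": "192.168.1.50", "video-recorder": "192.168.1.51"}
    findings = audit(devices)
    for name, (state, telnet) in findings.items():
        note = " (Telnet banner seen)" if telnet else ""
        print(f"{name}: TCP {TELNET_PORT} {state}{note}")
    for name in needs_action(findings):
        print(f"ACTION: disable Telnet on {name} and change its password")
```

This only shows what is reachable from inside your network; whether the router forwards port 23 from the internet is checked on the router itself or with the web page listed under "How to prevent?".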

How to prevent?

  1. Researchers have found that the attackers compromised the devices via the Telnet service (TCP port 23) to infect them with Mirai malware. On your home router or firewall, close this service and its port if you do not need it. You can check whether the port is open using the following web page: https://www.yougetsignal.com/tools/open-ports/
  2. If you do not need to connect your device directly to the internet, place it on a secure internal network or use SSH or a VPN service.
  3. If you are planning to purchase a new device, make sure that the firmware of the device can be patched. Check with the manufacturer for their practices and history of patching the product firmware.