Almost 1 million Deutsche Telekom customers in Germany have been struggling to get online since Sunday afternoon thanks to what's believed to be an attack on poorly-secured and older DSL modems. According to SANS, the outage appears linked to an evolution in the Mirai malware, which scans for vulnerable routers and internet of things devices with weak default credentials, and incorporates them as part of historically large DDoS attacks.
This latest evolution appears to use a recently documented SOAP exploit to automatically infect older, but popular DSL routers and other devices.
Deutsche Telekom has released a firmware update for its impacted routers that requires customers to reboot the router to be automatically installed.
Deutsche Telekom tells the BBC that the number of impacted customers dropped to closer to 400,000, but the problem is ongoing for many European users.
"There is no error pattern: some customers are experiencing temporary problems or very marked fluctuations in quality, but there are also customers for whom the service is not working at all," Deutsche Telekom said in a statement on its website.
"Based on the error pattern, we cannot exclude the possibility that the routers have been targeted by external parties with the result that they can no longer register on the network," adds the European ISP, somewhat downplaying the scale of dysfunction on display here.