I am curious if other Operators are seeing issues on their networks due to users with Android STBs called SuperBox? It appears there are some recent findings about a malware called KIMWOLF. We are seeing several customers report issues due to their IP being added to a block list. Our Trouble department may swap out the customer's router, thinking it could be bad. The new router gets a new IP, and it temporarily fixes the issue. I am curious if other users have found a good way to identify this traffic? I am also curious if you have implemented any Block lists that could be shared with the Group that could help stop the traffic? Thanks for any ideas you can share.
FYI: https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-loca...

- Michael Veit

Sent from Proton Mail for iOS.

-------- Original Message --------
On Tuesday, 01/06/26 at 15:26 Corey Smith via NANOG <nanog@lists.nanog.org> wrote:

I am curious if other Operators are seeing issues on their networks due to users with Android STBs called SuperBox? It appears there are some recent findings about a malware called KIMWOLF. We are seeing several customers report issues due to their IP being added to a block list. Our Trouble department may swap out the customer's router, thinking it could be bad. The new router gets a new IP, and it temporarily fixes the issue. I am curious if other users have found a good way to identify this traffic? I am also curious if you have implemented any Block lists that could be shared with the Group that could help stop the traffic? Thanks for any ideas you can share.

_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/K44SCILZ...