Re: ISP Operators AISURU/Kimwolf botnet

[Tim Burke via NANOG <nanog () lists nanog org>]

The problem I see is that an article like this is intended for an IT/security professional audience. 

These TV piracy boxes are often used by uneducated folks that would not read such an article. They just want their 
sports and $cableNewsChannel, and if you tell them it’s illegal or full of malware, they will just tell you you’re 
wrong, keep using it, and let it cause their 1Gbps circuit to get saturated by botnet traffic, all in the name of “free 
television”. 

I have joined a few social media groups about these devices out of sheer curiosity, and have seen a number of threads 
from folks that ask why an ISPs security offering (typically Comcast’s “XFi Security” or AT&T’s “Active Armor”) would 
be complaining about traffic coming from the device… the common trend is to tell people to disable the security 
services, as “Infinity [SIC] is just trying to force you to buy their cable”. 

Hooray for Stockholm syndrome. 

> On Jan 16, 2026, at 20:10, Mel Beckman via NANOG <nanog () lists nanog org> wrote:
>
> Roland,
>
> The Krebs article you cite is even better than the one I linked, because it shows pictures of the many consumer 
> devices that can be infiltrated. People are likely to immediately recognize any they own, which will drive home the 
> point that this is their problem.
>
> -mel
>
> > On Jan 16, 2026, at 5:43 PM, Dobbins, Roland via NANOG <nanog () lists nanog org> wrote:
> >
> > 
> > On Jan 16, 2026, at 22:16, Benjamin Hatton via NANOG <nanog () lists nanog org> wrote:
> >
> > As a smaller ISP, I think the biggest thing that would help us would be a
> > 'mainstream' media outlet covering some of it so we have something to show
> > customers who call in about their internet being bad, us telling them it is
> > their android streaming box that is taking up their entire connection
> > moving TBs of data a day, and them responding with "but I bought it from
> > Walmart/Amazon" or "you are just trying to get me to sign up for your
> > cable" and refusing to do anything about it because 'free TV'.
> >
> > <https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/>
> > The Kimwolf Botnet is Stalking Your Local 
> > Network<https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/>
> > krebsonsecurity.com<https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/>
> > [favicon.ico]<https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/>
> >
> > _______________________________________________
> > NANOG mailing list
> > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/GC4T5N6XUSX3LGV3BQE4QT6CJ6G2ZUNK/
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/3LYEDZZ6DQ6FMGD5VXTM3I4PZDIYMPWE/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/I2Q5E4MIFY5FRRKIPZTUZZZFY53BSDXW/