Originally, Mirai was designed to infect devices built with weak default logins and passwords by scanning the internet for them and then trying a list of more than 60 password combinations. But this new strain also targets a flaw in the SOAP (Simple Object Access Protocol) service embedded in the Zyxel router products, allowing the malware to take over the devices, Ullrich said.
It’s unclear how many devices may have been affected, but Deutsche Telekom said the disruption, which began on Sunday, caused 900,000 out of its 20 million customers to experience connection problems.
Source: http://www.computerworld.com/article/3145372/security/upgraded-mirai-botnet-disrupts-deutsche-telekom-by-infecting-routers.html#tk.rss_all