Source code of malware behind IoT botnet Mirai appears online




A person named “Anna-senpai” has put the source code for the malware behind the Internet-of-Things botnet ‘Mirai’ online. Among other things, the botnet was recently used to take journalist Brian Krebs' site offline.

The publication took place on Friday on the site Hack Forums, Krebs writes in a blog post. The Mirai malware, which is used to build a botnet, looks for Internet-of-Things devices such as IP cameras and DVRs that still use default passwords. In this way, the malware is able to infect many of these devices and use them as bots for DDoS attacks. The person behind the publication claims in a message that with Mirai he could control up to 380,000 bots via telnet. After the large DDoS on Krebs' site, this number is said to have dropped to 300,000 because of actions by ISPs. The journalist has been able to verify that the 600 Gbit/s DDoS on his site was carried out by the Mirai botnet.

Krebs writes, citing sources, that alongside Mirai there is at least one other kind of malware that targets IoT devices. One of the known variants is the so-called Bashlight malware, which infects devices in the same way as Mirai. The security company Level 3 claims, on the basis of its own research, that this variant is present on nearly one million systems. Bashlight often targets the same systems as Mirai. The malware can be removed by restarting the device, but because scanning for vulnerable systems takes place constantly, devices are infected again within minutes.

Level 3 CSO Dale Drew explains to Ars Technica that the latest version of the Mirai malware is able to encrypt the traffic between bots and command-and-control servers. This measure complicates research into the malware. In addition, Mirai is able to take over systems infected by Bashlight and patch them so that they are no longer vulnerable to this variant. The malware is said to be present mainly on Dahua IP cameras. These reportedly continue to function while performing a DDoS attack. Drew added that the attack of almost 1 Tbit/s on hosting provider OVH was carried out by Bashlight.

The reasons for the publication of the malware are still unclear, Krebs writes. He argues that criminals often put the source of their tools online when investigative services and security companies get somewhat too close with their investigations. By publishing, the original owners of the malware ensure that they are no longer the only ones who have this software. The publication is also expected to lead to a growing number of DDoS attacks, says Krebs.
