A user called Anna-senpai has published on a hacking forum the source code for the Internet of Things (IoT) botnet “Mirai,” which was used to launch a historic distributed denial-of-service (DDoS) attack against KrebsOnSecurity.com last month. Brian Krebs, security expert and author of the blog, said the information published Friday could lead to massive cyber attacks all over the world.
The user made the source code of the Mirai malware public on Friday on Hackforums, an English-speaking hacking community. The botnet, once on the computer, can spread to vulnerable devices by scanning the Internet for IoT systems protected only by factory-default usernames and passwords. The Mirai botnet can attack from insecure routers, digital video recorders, IP cameras, and other internet-connected devices.
DDoS stands for distributed denial-of-service, a type of attack that seeks to take out websites. The method is to flood the machine, server or website with many simple requests for information until they overload the target and make it unable to keep working.
Hackers use “botnets” to connect all the hacked devices and bring them together under their control. People can get Mirai malware on their computers by downloading software without noticing it, following a link in an e-mail, or agreeing to download an infected file.
Mirai makes internet-connected devices dependent on a central server or botnet. Hackers can then use the malware on the vulnerable devices, without the owner’s knowledge, and activate cameras and other features to collapse a site.
The attack on KrebsOnSecurity last month involved 620 gigabytes of information sent every second. That volume of requests is more than enough to collapse a website, and KrebsOnSecurity could not do anything about it.
Anna-senpai said on the forum that he/she decided to release the code to stop scrutiny from the security industry.
“When I first go in DDoS industry, I wasn’t planning on staying in it long,” Anna-senpai wrote on Hackforums. “I made my money; there’s lots of eyes looking at IOT now, so it’s time to GTFO. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”
Mirai is not the only malware of its type, but it can be cleaned from devices
There is a similar malware called “Bashlight,” and it works like Mirai: it also infects systems via default usernames and passwords on IoT devices. Mirai and Bashlight are the two known families of malware that have recently been used to assemble large IoT-based DDoS armies, KrebsOnSecurity reports.
The blog also says that Bashlight is responsible for enslaving almost a million vulnerable devices in its botnet. Bashlight and Mirai are in direct competition, the security firm Level3 Communications told KrebsOnSecurity.
Level3 Communications indicated that both Mirai and Bashlight are after the same exposed IoT devices.
Apparently, there is a way to get rid of the malware by rebooting the computer. Doing so wipes the malicious code from the device’s memory, but it is not always effective. Some experts say, according to KrebsOnSecurity, that because of the constant scanning for vulnerable devices, the malware finds its way back to them within a few minutes of a reboot.
Only changing the default password of all devices can protect them from being reinfected after the initial reboot.