Mirai hijacks headlines as well as major websites

Written on October 31, 2016 in Guest Blog
kirill_makarov / Shutterstock.com


Mirai malware once again hijacked headlines last week when it was identified as the tool behind that week’s massive DDoS attack. Earlier this month (October), a hacker published the source code of the Mirai malware online for everyone to use, modify and abuse. The Mirai malware was created to automatically search the internet for unsecured IoT/connected devices that could be enslaved into a botnet for DDoS attacks.

In late September, we covered (in “Mother of all DDoS attacks”) an unprecedented attack against security journalist Brian Krebs’s site, apparently also attributed to the Mirai malware.

The DDoS attacks hit Krebs with over 600Mbps and the hosting provider OVH with over 1Tbps of traffic. The attacks used not only PCs recruited by malware infections (the traditional tool used by threat actors) but also vulnerable IoT devices such as routers, PVRs, thermostats, refrigerators and cameras, which are now targeted by the bad guys as they are often poorly secured and easy to exploit.

What we know about Mirai malware

A link to the malware code, first spotted by Krebs, was posted on the criminal hacker site Hackforums by a user named “Anna-senpai,” who dubbed the malware “Mirai.” The malware is designed to infect Internet of Things (IoT) devices that haven’t changed their default usernames and passwords—a common occurrence in the frighteningly poor security used by IoT products like web cams, “smart” refrigerators, and other internet-connected home appliances. Once assembled, these massive armies of zombie devices can be controlled from a central server, where they are typically leased out to other criminal hackers to launch DDoS attacks against target websites.


According to a post by security vendor Arbor, the original Mirai botnet currently consists of a floating population of approximately 500,000 compromised IoT devices worldwide; relatively high concentrations of Mirai nodes have been observed in China, Hong Kong, Macau, Vietnam, Taiwan, South Korea, Thailand, Indonesia, Brazil, and Spain. Additional Mirai concentrations have also been observed in multiple countries located in North America, Europe, and Oceania.

Arbor’s researchers found that a Mirai variant in the wild has “a remote-control backdoor” that listens for commands over port 103. That wasn’t present in the original source code, according to three independent security researchers who have studied the Mirai malware.

Normally, when Mirai infects a target, it disables the protocol that allows anyone to try to connect to the target. This new function allows the criminals who infect a device to still be able to control it even if their command and control server is taken down.
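A defender can turn the two behaviours described in this article (infected devices searching the internet for other devices, and the variant's backdoor on port 103) into a flow-log check. The Python below is an added example, not code from the original article or from Arbor; the log format, the IoT subnet, the fan-out threshold and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

IOT_NET = ipaddress.ip_network("192.168.50.0/24")  # assumption: the IoT VLAN
BACKDOOR_PORT = 103    # port the article reports for the variant's backdoor
FANOUT_LIMIT = 20      # assumption: distinct external peers allowed per window

def parse_flow(line):
    """'epoch src dst dport verdict' -> tuple, or None if the line is malformed."""
    try:
        ts, src, dst, dport, verdict = line.split()
        return (int(ts), ipaddress.ip_address(src),
                ipaddress.ip_address(dst), int(dport), verdict.upper())
    except ValueError:
        return None

def analyse(lines, window=60):
    """Return {device_ip: {"scanning": bool, "backdoor_peers": [ip, ...]}}."""
    fanout = defaultdict(set)    # (device, time bucket) -> external peers contacted
    backdoor = defaultdict(set)  # device -> outside hosts that reached port 103
    for ts, src, dst, dport, verdict in filter(None, map(parse_flow, lines)):
        if verdict != "ACCEPT":
            continue             # blocked flows never reached the device
        if src in IOT_NET and dst not in IOT_NET:
            fanout[(src, ts // window)].add(dst)
        elif dst in IOT_NET and src not in IOT_NET and dport == BACKDOOR_PORT:
            backdoor[dst].add(src)
    scanners = {dev for (dev, _), peers in fanout.items()
                if len(peers) > FANOUT_LIMIT}
    return {
        str(dev): {
            "scanning": dev in scanners,
            "backdoor_peers": sorted(str(p) for p in backdoor.get(dev, ())),
        }
        for dev in scanners | set(backdoor)
    }

# Constructed sample: .12 sweeps 25 outside hosts in one minute and accepts a
# port-103 session; .20 behaves normally and a port-103 probe to it is denied.
SAMPLE = [f"1477900800 192.168.50.12 198.51.100.{i} 23 ACCEPT"
          for i in range(1, 26)] + [
    "1477900815 203.0.113.7 192.168.50.12 103 ACCEPT",
    "1477900820 192.168.50.20 198.51.100.200 443 ACCEPT",
    "1477900830 203.0.113.7 192.168.50.20 103 DENY",
    "truncated line",
]

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A device that appears with both signals is the strongest candidate for isolation and a factory reset with new credentials; a port-103 hit alone still warrants a look at why that port is reachable from outside.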

More on Motherboard.

This article was first published on CyberSec.buzz


Jonathon Gordon

About the Author: Jonathon has been lurking around the Telecoms and Internet space for the last 20 years. He is now a man on a mission – that being the reformation of the Industry Analyst business. He is working with his co-conspirators on transforming the Industry Analyst world forever as an Expert with EMI.
