Difference between revisions of "Mirai Botnet"
(Created page with "The Mirai botnet is a network of Internet of Things devices infected with Mirai malware, used for massive Distributed Denial of Service (DDoS) attacks. Most notably, the Mirai...") |
|||
Line 1: | Line 1: | ||
− | The Mirai botnet is a network of Internet of Things devices infected with Mirai malware, used for massive Distributed Denial of Service (DDoS) attacks. | + | The Mirai botnet is a network of Internet of Things (IoT) devices infected with Mirai malware, used for massive Distributed Denial of Service (DDoS) attacks. The Mirai malware was discovered in August 2016 by MalwareMustDie<ref>http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html</ref>, and it’s first major attack was on computer security expert Brian Krebs’s personal website <ref>http://www.computerworlduk.com/security/krebs-ddos-aftermath-industry-in-shock-at-size-depth-complexity-of-attack-3646809/</ref>. The botnet gained mainstream notoriety after performing the largest DDoS attack in history against DNS provider Dyn in October 2016 <ref>https://www.flashpoint-intel.com/action-analysis-mirai-botnet-attacks-dyn/</ref>. The Mirai Botnet is now being rented on dark web for performing DDoS attacks for high paying clients <ref>https://www.cyberscoop.com/mirai-botnet-for-sale-ddos-dark-web/</ref> |
+ | |||
+ | ==Technical Notes== | ||
+ | Mirai malware targets poorly secured IoT devices by brute-forcing into them with a list of common usernames and passwords. Mirai then infects the device with software which gives control of the its network resources to a central server. Devices will remain infected until they are rebooted. Mirai’s inventor claims that the botnet uses upwards of 380,000 devices in an attack at a rate of 620 Gbps <ref>https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/</ref>. | ||
+ | refInterestingly, Mirai has a list of hardcoded IP addresses in the source code to avoid attacking. The list includes Hewlett-Packard, General Electric, and the US Postal Service. <ref>https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html</ref> | ||
+ | |||
+ | ==History== |
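Review bot: the added Technical Notes text has a stray literal "ref" in front of "Interestingly", which looks like the remains of a broken <ref> tag and will show up in the rendered article; remove it. In the same revision, "it’s first major attack" should read "its", "control of the its network resources" has an extra "the", the last sentence of the lead paragraph has no closing period, and the new ==History== section is added with no content.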
Revision as of 23:11, 19 February 2017
The Mirai botnet is a network of Internet of Things (IoT) devices infected with Mirai malware, used for massive Distributed Denial of Service (DDoS) attacks. The Mirai malware was discovered in August 2016 by MalwareMustDie [1], and its first major attack was on computer security expert Brian Krebs’s personal website [2]. The botnet gained mainstream notoriety after performing the largest DDoS attack in history against DNS provider Dyn in October 2016 [3]. The Mirai botnet is now being rented on the dark web to perform DDoS attacks for high-paying clients [4].
Technical Notes
Mirai malware targets poorly secured IoT devices by brute-forcing its way into them with a list of common usernames and passwords. Mirai then infects the device with software that gives control of its network resources to a central server. Devices remain infected until they are rebooted. Mirai’s inventor claims that the botnet uses upwards of 380,000 devices in an attack at a rate of 620 Gbps [5]. Interestingly, Mirai’s source code contains a hardcoded list of IP addresses that it avoids attacking. The list includes Hewlett-Packard, General Electric, and the US Postal Service [6].
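A defender-side view of the brute-forcing described above, as an added example that is not part of the original page: it scans login events for a burst of failed logins across several usernames from one source, and marks the device as compromised if a login from that source then succeeds. The telnetd log format, the host name, the addresses and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical telnetd log format (not real data).
SAMPLE_LOG = """\
2017-02-19T23:10:01Z cam-01 telnetd: login failed user=root src=203.0.113.7
2017-02-19T23:10:03Z cam-01 telnetd: login failed user=admin src=203.0.113.7
2017-02-19T23:10:05Z cam-01 telnetd: login failed user=support src=203.0.113.7
2017-02-19T23:10:08Z cam-01 telnetd: login failed user=root src=203.0.113.7
2017-02-19T23:10:11Z cam-01 telnetd: login ok user=admin src=203.0.113.7
2017-02-19T23:12:00Z cam-01 telnetd: login failed user=alice src=198.51.100.20
2017-02-19T23:40:00Z cam-01 telnetd: login ok user=alice src=198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) telnetd: login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def detect_bruteforce(log_text, window=timedelta(seconds=60), min_failures=4):
    """Return {(host, src): "attempted" | "compromised"} for dictionary-style bursts."""
    recent = defaultdict(deque)  # (host, src) -> recent failures as (timestamp, user)
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a login event in the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        key = (m["host"], m["src"])
        q = recent[key]
        while q and ts - q[0][0] > window:
            q.popleft()  # expire failures that fell out of the window
        if m["result"] == "failed":
            q.append((ts, m["user"]))
        # A burst is many failures spread over more than one username.
        burst = len(q) >= min_failures and len({u for _, u in q}) >= 2
        if burst and m["result"] == "ok":
            findings[key] = "compromised"  # a guessed credential worked
        elif burst:
            findings.setdefault(key, "attempted")
    return findings

if __name__ == "__main__":
    for (host, src), verdict in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{host}: {verdict} by {src}")
```

Since a reboot only clears the infection, a device reported as compromised also needs its default credential changed.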
History
1. http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html
2. http://www.computerworlduk.com/security/krebs-ddos-aftermath-industry-in-shock-at-size-depth-complexity-of-attack-3646809/
3. https://www.flashpoint-intel.com/action-analysis-mirai-botnet-attacks-dyn/
4. https://www.cyberscoop.com/mirai-botnet-for-sale-ddos-dark-web/
5. https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
6. https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html