Mirai Botnet

From SI410
Revision as of 23:11, 19 February 2017 by Jpbryan (Talk | contribs)


The Mirai botnet is a network of Internet of Things (IoT) devices infected with Mirai malware, used for massive Distributed Denial of Service (DDoS) attacks. The Mirai malware was discovered in August 2016 by MalwareMustDie [1], and its first major attack was on computer security expert Brian Krebs’s personal website [2]. The botnet gained mainstream notoriety after performing the largest DDoS attack in history against DNS provider Dyn in October 2016 [3]. The Mirai botnet is now being rented on the dark web to perform DDoS attacks for high-paying clients [4].

Technical Notes

Mirai malware targets poorly secured IoT devices by brute-forcing its way into them with a list of common usernames and passwords. Mirai then infects the device with software that gives control of its network resources to a central server. Devices remain infected until they are rebooted. Mirai’s inventor claims that the botnet uses upwards of 380,000 devices in an attack at a rate of 620 Gbps [5]. Interestingly, Mirai’s source code contains a hardcoded list of IP addresses that it avoids attacking. The list includes Hewlett-Packard, General Electric, and the US Postal Service [6].
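
A defender-side illustration of the login pattern described above, added here as an example and not part of the original article: it flags sources that fail logins under many distinct usernames within a short window. The log format, field names, thresholds and sample lines are assumptions constructed for this example, and the lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical device log format (not real data).
SAMPLE_LOG = """\
2017-02-19T23:10:00Z login_failed src=192.0.2.55 user=root
2017-02-19T23:10:01Z login_failed src=198.51.100.7 user=admin
2017-02-19T23:10:02Z login_failed src=192.0.2.55 user=admin
2017-02-19T23:10:03Z login_failed src=198.51.100.7 user=root
2017-02-19T23:10:05Z login_failed src=198.51.100.7 user=support
2017-02-19T23:10:06Z login_failed src=203.0.113.20 user=alice
2017-02-19T23:10:07Z login_failed src=198.51.100.7 user=guest
2017-02-19T23:10:09Z login_failed src=198.51.100.7 user=user
2017-02-19T23:10:20Z login_failed src=203.0.113.20 user=alice
2017-02-19T23:10:31Z login_ok src=203.0.113.20 user=alice
2017-02-19T23:15:00Z login_failed src=192.0.2.55 user=support
2017-02-19T23:20:00Z login_failed src=192.0.2.55 user=guest
"""

LINE_RE = re.compile(r"^(\S+) login_failed src=(\S+) user=(\S+)$")

def find_dictionary_sources(log_text, min_users=4, window=timedelta(seconds=60)):
    """Return {source: peak count of distinct usernames that failed within
    one sliding window} for every source that reaches min_users."""
    recent = defaultdict(deque)  # source -> (timestamp, username) inside window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        src, user = m.group(2), m.group(3)
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:  # evict failures older than the window
            q.popleft()
        distinct = len({u for _, u in q})
        # A user mistyping a password repeats one username; a credential
        # list produces many different usernames from the same source.
        if distinct >= min_users:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    for src, count in find_dictionary_sources(SAMPLE_LOG).items():
        print(f"{src}: {count} distinct usernames failed within 60s")
```

The source 192.0.2.55 in the sample spreads its attempts over ten minutes and is not flagged at the default threshold, which shows why a short window alone misses slow credential guessing.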

History

  1. http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html
  2. http://www.computerworlduk.com/security/krebs-ddos-aftermath-industry-in-shock-at-size-depth-complexity-of-attack-3646809/
  3. https://www.flashpoint-intel.com/action-analysis-mirai-botnet-attacks-dyn/
  4. https://www.cyberscoop.com/mirai-botnet-for-sale-ddos-dark-web/
  5. https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
  6. https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html