
Source Code of DDoS IoT Botnet ‘Mirai’ That Attacked Krebs Released Online


A hacker has released the source code for the malware that powered the distributed denial of service attacks that were launched against security blog Krebs on Security.

According to Brian Krebs, the owner of the Krebs on Security blog, the source code for the malware, known as Mirai, was uploaded to the hacker website Hackforums by a user going by the name Anna-senpai.

The malware, known as “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for insecurely configured IoT devices that are protected only by factory-default or hard-coded usernames and passwords. The malware is able to take control of internet-connected appliances and gadgets such as smart refrigerators, web cameras and CCTVs. Once the infected IoT devices are assembled, the hacker can control them from a central server to launch DDoS attacks on target websites.

The Hackforums user who released the code, using the nickname “Anna-senpai,” told forum members the source code was being released in response to increased scrutiny from the security industry.

“When I first go in DDoS industry, I wasn’t planning on staying in it long,” Anna-senpai wrote. “I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO [link added]. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”

Mirai, while newer and more sophisticated than rival malware Bashlight, has infected only 233,000 devices, compared with 963,000 for Bashlight. However, with the public release of the Mirai source code, the malware could go mainstream and lead to the infection of even more unprotected IoT devices, producing more powerful DDoS-launching networks.

Infected systems can be cleaned up by simply rebooting them — thus wiping the malicious code from memory. But experts say there is so much constant scanning going on for vulnerable systems that vulnerable IoT devices can be re-infected within minutes of a reboot. Only changing the default password protects them from rapidly being reinfected on reboot.

Despite that, it is unclear why the hacker decided to upload the Mirai source code, as the malware and its ability to expand the pool of infected IoT devices is a lucrative asset for criminal hackers. One possibility is that, with the source code out in the open and more hackers in possession of it, it would be harder for the authorities to pinpoint its original author.
