Source code of malware behind IoT botnet Mirai appears online


A person going by the name 'Anna-senpai' has put the source code of the malware behind the Internet-of-things botnet 'Mirai' online. The botnet was recently used, among other things, to knock the site of journalist Brian Krebs offline.

The code was published on Friday on the Hack Forums site, Krebs writes in a blog post. The Mirai malware, which is used to build the botnet, scans for Internet-of-things devices such as IP cameras and digital video recorders that still use their default passwords. In this way it is able to infect large numbers of such devices and use them as bots for DDoS attacks. The person behind the publication claims in a message that he can control up to 380,000 bots via telnet with Mirai. After the large DDoS attack on the Krebs site, that number is said to have fallen to 300,000 because of actions by ISPs. The journalist was able to verify that the 600Gbit/s DDoS attack on his site was carried out by the Mirai botnet.

Krebs writes, citing sources, that besides Mirai there is at least one other malware strain targeting IoT devices. One of the known variants is the so-called Bashlight malware, which infects devices in the same way as Mirai. Based on its own research, the security company Level 3 says that this variant is present on almost a million systems. Bashlight often targets the same systems as Mirai. The malware can be removed by restarting the device, but because of the constant scanning for vulnerable systems, devices are infected again within minutes.
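The infection route described in the two paragraphs above (many username/password guesses over telnet against a device that still has its factory credentials, repeated within minutes of a reboot) leaves a recognisable trace in any log that records telnet logins. The following Python script, an added example that is not part of the article and not code from Mirai or Bashlight, shows what such detection logic looks like over a handful of constructed log lines. The syslog-like line format, the source addresses and the credential pairs are invented for illustration; the port set {23, 2323} is an assumption about which ports a Mirai-style scanner probes, and the thresholds are tunable.

```python
"""Flag Mirai-style telnet credential scanning in constructed log lines.

Added example, not code from the article, from Mirai or from Bashlight.
The log format, addresses, credentials and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Assumption: ports a Mirai-style scanner probes for telnet.
TELNET_PORTS = {23, 2323}

# Constructed sample. 198.51.100.7 and 203.0.113.9 try several factory
# credential pairs in quick succession; 192.0.2.10 is one normal admin login.
SAMPLE_LOG = """\
2016-10-01T10:00:01 telnetd: login attempt from 198.51.100.7:51234 to port 23 user=root pass=admin result=FAIL
2016-10-01T10:00:02 telnetd: login attempt from 198.51.100.7:51235 to port 23 user=root pass=12345 result=FAIL
2016-10-01T10:00:02 telnetd: login attempt from 198.51.100.7:51236 to port 23 user=admin pass=admin result=FAIL
2016-10-01T10:00:03 telnetd: login attempt from 198.51.100.7:51237 to port 23 user=root pass=root result=FAIL
2016-10-01T10:00:03 telnetd: login attempt from 198.51.100.7:51238 to port 23 user=root pass=default result=OK
2016-10-01T10:00:10 telnetd: login attempt from 192.0.2.10:40001 to port 23 user=admin pass=******** result=OK
2016-10-01T10:00:30 telnetd: login attempt from 203.0.113.9:60001 to port 2323 user=root pass=admin result=FAIL
2016-10-01T10:00:31 telnetd: login attempt from 203.0.113.9:60002 to port 2323 user=root pass=password result=FAIL
2016-10-01T10:00:31 telnetd: login attempt from 203.0.113.9:60003 to port 2323 user=support pass=support result=FAIL
2016-10-01T10:05:00 telnetd: login attempt from 203.0.113.9:60004 to port 2323 user=root pass=admin result=FAIL
"""

# Matches the constructed line format above; real daemons log differently.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: login attempt from (?P<src>[\d.]+):\d+ "
    r"to port (?P<port>\d+) user=(?P<user>\S+) pass=(?P<pw>\S+) "
    r"result=(?P<res>OK|FAIL)$"
)


def parse_line(line):
    """Return one login event as a dict, or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "port": int(m["port"]),
        "cred": (m["user"], m["pw"]),
        "ok": m["res"] == "OK",
    }


def detect_scanners(log_text, window_s=60, min_distinct_creds=3):
    """Flag sources that try >= min_distinct_creds different credential pairs
    against telnet ports within any window_s-second window.

    A human mistyping a password reuses the same username and a near-identical
    password; a dictionary scanner walks through distinct factory pairs. The
    result maps source IP -> summary, including whether any attempt succeeded
    (i.e. the device accepted a factory credential and is likely now a bot).
    """
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["port"] in TELNET_PORTS:
            by_src[ev["src"]].append(ev)

    findings = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        lo = 0
        flagged = False
        for hi in range(len(events)):
            # Slide the window start forward until it covers at most window_s.
            while (events[hi]["ts"] - events[lo]["ts"]).total_seconds() > window_s:
                lo += 1
            if len({e["cred"] for e in events[lo:hi + 1]}) >= min_distinct_creds:
                flagged = True
                break
        if flagged:
            findings[src] = {
                "attempts": len(events),
                "distinct_creds": len({e["cred"] for e in events}),
                "login_succeeded": any(e["ok"] for e in events),
            }
    return findings


if __name__ == "__main__":
    for src, info in sorted(detect_scanners(SAMPLE_LOG).items()):
        print(src, info)
```

Run on the constructed sample, the two scanning hosts are reported and the lone admin login is not; 198.51.100.7 is additionally marked `login_succeeded`, which on a real network is the signal that the device has accepted a factory password and should be treated as compromised until its credentials are changed and telnet is disabled, not merely rebooted.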

Level 3 CSO Dale Drew explains to Ars Technica that the latest version of the Mirai malware is able to encrypt the traffic between the bots and the command-and-control servers, a measure that complicates research into the malware. In addition, Mirai is able to take over systems infected by Bashlight and patch them so that they are no longer vulnerable to that variant. The malware is said to be present mainly on Dahua IP cameras, which would keep working during a DDoS attack. Drew adds that the nearly 1Tbit/s attack on the hosting provider OVH was carried out by Bashlight.

Why the malware was published is still unclear, Krebs continues. He notes that criminals often put the source code of their tools online when law enforcement and security companies get a little too close in their investigations; once the code is public, the original owners are no longer the only ones who have it. Krebs also expects the publication to lead to a growing number of DDoS attacks.

The post of 'Anna-senpai' on Hack Forums
