The code executes a command that turns unsecured internet-connected devices like phones, routers and even webcams into zombie-like “bots”. These bots can then be used to overwhelm a website with requests and force it to crash – something known as a tactical DDoS (distributed denial-of-service) attack.
Brian Krebs, the journalist who runs KrebsonSecurity, warned that now the code is out, we could see a spike in targeted attacks.
“The malware, dubbed ‘Mirai’ spreads to vulnerable devices by continuously scanning the Internet for IoT (Internet of Things) systems protected by factory default usernames and passwords,” he wrote. In an earlier post, he explained that the publishing of the Mirai code is “virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.”
The code was shared on the online message board Hackforums.
It’s the kind of discussion website that exists on the deep web – the large part of the internet that isn’t indexed by traditional search engines like Google, Bing or Yahoo.
Only about 4% of the internet is known web pages – the rest is connections protected by logins, closed networks or other anonymising software. Beyond the deep web is a smaller subset known as the dark web – where publishing and discussion of malicious code is common.
“Protocols on the dark web make it possible for users to be anonymous. It clicks through a new route each time you connect through servers. If you’re on for more than five minutes it switches your IP address,” explains Charlie Abrahams, senior vice president at MarkMonitor.
“[The dark web] looks a bit like the internet of the 80s. A less slick version of a modern place where you would do business,” Mr Abrahams told the Mirror. “When we look at what’s on the dark web, the most common item is narcotics but there’s other stuff like intellectual property or counterfeit merchandise. And you also see a lot of hacking tools for sale. Rootkits, phishkits – and emails that are clearly designed to steal your password.”
The power of the Mirai code was revealed last month when Krebs’ own site was hit by a devastating DDoS attack. The attack sent roughly 620GBs of data to the servers every second, crippling the website.
The hacker who posted the code goes by the name of “Anna-senpai” and said that the code was posted in response to increased scrutiny from the security industry.
“When I first go in DDoS industry, I wasn’t planning on staying in it long,” the hacker wrote, according to Krebs.
“I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”
Security experts say that IoT devices can be rebooted to wipe the malware code from their memory, but because there is constant scanning from the hacker community, they can often be reinfected just as quickly.
“It’s an open question why anna-senpai released the source code for Mirai, but it’s unlikely to have been an altruistic gesture,” Krebs surmised.
“Miscreants who develop malicious software often dump their source code publicly when law enforcement investigators and security firms start sniffing around a little too close to home.”