Updated: All About The New Mirai Botnet Attacks

Most of the outages at Internet sites and services during the huge Dyn attack were caused by the Mirai botnet. Security analysis and various reports indicate that Mirai will continue to be a threat to a significant part of the Internet.


A Preface To The Latest Mirai Botnet Menace

There have been several large attack campaigns since the Mirai source code leaked on the Internet. The series of attacks that targeted the Dyn Domain Name System service was carried out by large botnets, and the larger part of the attacking force was Mirai itself. As a result, major services and sites were impacted, including Spotify, Twitter, Netflix, Amazon and Reddit. Mirai allows criminal hackers to launch concurrent large-scale attacks against a single victim or multiple victims, thereby rendering them offline. The Mirai botnet is so large that it can even take down important services like the ones that were impacted last week. This is probably one of the biggest DDoS incidents that have been reported so far.

The reason this has happened is that people do not take the security of Internet of Things (IoT) devices seriously. Read our guide to understand more about this issue. Some IoT vendors have already started to address some of the issues. For example, the Chinese company Xiongmai has issued a statement that it would recall its line of home webcams in the United States after these devices were found to have played a part in the Mirai botnet.

In a blog post, researchers from FlashPoint security noted that the major attack was not carried out by a specific state. This rules out the possibility of a large-scale attack from a government entity. In most cases the likely operators are a hacker collective that is presently unknown to the public.


Mirai Source Code Released

The source code of the Mirai botnet has been released on the underground community HackForums. The person who released the code is known under the alias “Anna-senpai” and has left the following message in the topic:

“When I first go in DDoS industry, I wasn’t planning on staying in it long. I made my money, there’s lots of eyes looking at IoT now, so it’s time to GTFO [link added]. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”

More About The Mirai Botnet Threat

Several reports give more details about the Mirai botnet threat. The infection begins with a scan of the target IoT appliance. The scan is used to launch software exploits against possible vulnerabilities in the services and software installed on the device.

So far the criminal developers of Mirai have created versions that can infect appliances running on the ARM, MIPS and PowerPC architectures. Once remote access has been gained, the botnet runs various commands in an attempt to obtain root (superuser) privileges. It also performs a fingerprint scan, a technique used to collect system information such as the processor, available memory, mounted storage, kernel version and other related data. The malicious payload is then downloaded, and the Mirai botnet starts to scan the network and other hosts at a very high rate (more than 100 connections per second) to infect further devices.
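The scan rate described above is the easiest trait to spot from the network side. The following is an added example, not code from the article or from Mirai: it flags any source that contacts more than 100 distinct telnet destinations within one second. The log format, the addresses and the use of port 23 as the scanned service are assumptions made for the illustration.

```python
from collections import defaultdict, deque

RATE_THRESHOLD = 100   # connections per second, the figure the article cites
WINDOW_SECONDS = 1.0
TELNET_PORT = 23       # assumption: the scan targets telnet

def parse_flow(line):
    """Parse 'epoch_ts src_ip dst_ip dst_port' (a constructed log format)."""
    ts, src, dst, port = line.split()
    return float(ts), src, dst, int(port)

def find_scanners(lines, threshold=RATE_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src_ip: peak} for sources whose number of distinct telnet
    destinations inside a sliding window exceeds the threshold."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    peaks = {}
    for ts, src, dst, port in sorted(parse_flow(l) for l in lines if l.strip()):
        if port != TELNET_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] >= window:
            q.popleft()           # drop events older than the window
        distinct = len({d for _, d in q})
        if distinct > threshold:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks

def sample_flows():
    """Constructed sample: one device sweeping addresses, one host behaving normally."""
    flows = []
    # 192.0.2.50 contacts 150 different addresses on port 23 within 0.75 s.
    for i in range(150):
        flows.append(f"{1000.0 + i * 0.005:.3f} 192.0.2.50 198.51.100.{i + 1} 23")
    # 192.0.2.10 opens a few telnet sessions to one switch, plus HTTPS traffic.
    for i in range(5):
        flows.append(f"{1000.0 + i * 0.2:.3f} 192.0.2.10 192.0.2.1 23")
        flows.append(f"{1000.1 + i * 0.2:.3f} 192.0.2.10 203.0.113.7 443")
    return flows

if __name__ == "__main__":
    for src, peak in find_scanners(sample_flows()).items():
        print(f"{src}: {peak} distinct telnet targets within {WINDOW_SECONDS}s")
```

Counting distinct destinations rather than raw connections keeps a host that repeatedly reconnects to one legitimate device from being flagged.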

Attacks with Mirai are especially dangerous because the public source code allows virtually anyone to carry out these campaigns. We just hope that product vendors will start to patch their devices and create working solutions that fix the software vulnerabilities found in smart devices.

A good place to start would be deliberately requiring users to go through a security setup of their appliance instead of allowing everyone to run the default configuration settings installed by the manufacturers. Such a simple procedure would actually counter most of the currently active botnet infections.



Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

