Software Integrity Blog


The code used to create massive IoT-based botnet now public

The malware that may have created the IoT-based botnet that brought down a security website a few ago has been released to the public.

Known as Mirai, the source code was published Friday on the English-language hacking community Hack Forums. The malware targets vulnerable firmware on IoT devices such as internet-connected surveillance cameras. The person releasing Mirai used a nickname, Anna-senpai. Senpai means “upper classman” in Japanese.

It is common for criminal hackers to release malware source code after a very public event. This is because with common use it becomes the harder for law enforcement to pinpoint who created it or used it in the event. Also, once the malware code is used in a very public attack, it can be blocked by security companies and vendors and therefore has less value.

“When I first go in DDoS industry, I wasn’t planning on staying in it long,” Anna-senpai wrote on a hacker forum, according to KrebsOnSecurity. “I made my money, there’s lots of eyes looking at IoT now, so it’s time to GTFO. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”

Krebs has reason to write about this. His website, KrebsOnSecurity, was the target of one of the largest distributed denial of service (DDoS) attacks in history, a 620 Gbps DDoS attack. The sustained volume of the attack forced Akamai to ask him to relocate. The site is how protected by Project Shield from Google.

The threat is that with the source code now public others may adopt it and use it to launch more IoT-based DDoS attacks in the near future.


More by this author