The Mirai botnet consists of about 120,000 IoT devices

Carding

Last weekend the author of the Mirai Trojan, known under the pseudonym Anna-senpai, released the source code of his creation publicly on Hack Forums. Researchers have already mirrored the source code on GitHub (1 and 2).

Mirai is in fact simple: it scans the Internet for IoT devices that expose Telnet and tries to log in to them by brute-forcing a list of factory-default credentials. The malware mainly infects surveillance cameras, DVRs and routers, and each infected device then starts scanning in turn, so the botnet spreads like a worm.

The botnet's DDoS attacks recently hit journalist Brian Krebs and Europe's largest hosting provider OVH. The attack on Krebs peaked at 620 Gbps, and the attack on OVH at over 1 Tbps. To reach these volumes the attackers used UDP, DNS and HTTP floods, as well as floods of GRE (Generic Routing Encapsulation) packets, which experts noted as very unusual, xakep.ru reports.

MalwareTech researchers have now studied how the Trojan and the associated botnet operate and published a report on their blog. For the study they set up 500 honeypot servers emulating vulnerable IoT devices and collected statistics from them. According to them, the estimates of other researchers were correct. For example, OVH representatives previously wrote that the botnet that attacked their servers consisted of 145,607 cameras and was capable of generating attacks of up to 1.5 Tbps using TCP ACK, TCP ACK+PSH and TCP SYN floods.

MalwareTech's conclusions largely agree with these observations. Over a twelve-hour period the researchers recorded about 72,000 unique IP addresses, with roughly 4,000 new IP addresses appearing every hour. From this the analysts concluded that the botnet is fairly modest in size: only about 120,000 devices active in a given day. Although other sources claim the botnet is much larger and cite figures of 1 to 1.5 million bots, neither the MalwareTech researchers nor Akamai's specialists agree with that estimate.
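The two measurements described above (distinct scanner IPs over a time window and the rate at which new ones appear) and the default-credential behaviour the worm relies on can be reproduced from a honeypot's own login log. The following is an added example written for this page, not code from MalwareTech or from the leaked Mirai source. The log lines are constructed, the log format is an assumption, and the credential table is only a small subset of the default username/password pairs that Mirai's scanner tries (the leaked source carries a table of about sixty).

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample honeypot log (not real data). Assumed format, one line
# per Telnet login attempt: "<ISO timestamp> <src_ip> <username> <password>".
SAMPLE_LOG = """\
2016-10-03T00:05:12 198.51.100.7 root xc3511
2016-10-03T00:05:13 198.51.100.7 root vizxv
2016-10-03T00:17:40 203.0.113.22 admin admin
2016-10-03T00:40:01 198.51.100.7 admin letmein
2016-10-03T01:02:55 192.0.2.9 root 888888
2016-10-03T01:10:00 203.0.113.22 root xc3511
2016-10-03T02:30:30 192.0.2.44 support support
2016-10-03T02:31:00 192.0.2.44 root default
2016-10-03T02:45:10 198.51.100.7 root 12345
"""

# Small subset of the factory-default pairs in Mirai's scanner dictionary.
# Illustrative only; the real table in the leaked source is about 60 entries.
MIRAI_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "xmhdipc"), ("root", "default"), ("root", "juantech"),
    ("root", "123456"), ("root", "54321"), ("support", "support"), ("root", "12345"),
    ("admin", "password"), ("root", "root"), ("user", "user"), ("root", "pass"),
}

LINE_RE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) (\S+) (\S*)$")


def parse_log(text):
    """Parse log lines into (timestamp, src_ip, user, password); skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, user, pw = m.groups()
        events.append((datetime.fromisoformat(ts), ip, user, pw))
    return events


def hourly_new_sources(events):
    """Return (unique source count, {hour: number of IPs first seen in that hour}).

    This is the same measurement MalwareTech's honeypots report: distinct
    scanner IPs over the window, and how many previously unseen ones arrive per hour.
    """
    seen = set()
    new_per_hour = defaultdict(int)
    for ts, ip, _, _ in sorted(events):
        if ip not in seen:
            seen.add(ip)
            new_per_hour[ts.strftime("%Y-%m-%dT%H")] += 1
    return len(seen), dict(new_per_hour)


def default_cred_hits(events):
    """Map source IP -> number of attempts that used a known Mirai default pair."""
    hits = defaultdict(int)
    for _, ip, user, pw in events:
        if (user, pw) in MIRAI_DEFAULTS:
            hits[ip] += 1
    return dict(hits)


def classify(events, min_hits=2):
    """Sources that cycle through at least min_hits default pairs look like Mirai scanners.

    A single default-credential attempt can be a human; walking the dictionary is the worm.
    """
    return sorted(ip for ip, n in default_cred_hits(events).items() if n >= min_hits)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    total, per_hour = hourly_new_sources(evs)
    print(f"unique scanner IPs: {total}")
    for hour, n in sorted(per_hour.items()):
        print(f"  {hour}: {n} new")
    print("likely Mirai scanners:", classify(evs))
```

On the constructed sample this reports four distinct scanners, two of them first seen in the first hour, and flags the three sources that tried more than one dictionary pair; the single root/888888 attempt from 192.0.2.9 stays below the threshold. Scaling the per-hour count of new sources up to a full day is exactly the extrapolation that gives the article's "about 120,000 devices" figure from 72,000 IPs in twelve hours.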

"Mirai, which had been largely ignored by everyone because of the simplicity of Telnet attacks, became almost the main topic of discussion in media around the world last week, and law enforcement agencies have launched investigations with the support of many international companies," the researchers write. "It is highly likely that powerful DDoS attacks will now become more common practice as hackers find more and more vulnerable IoT devices or start infecting NAT-protected devices. It is definitely time for manufacturers to stop shipping devices with global default passwords and switch to devices with randomly generated passwords printed on the bottom of the case."
 