The source code responsible for the huge distributed denial-of-service (DDoS) attack launched against KrebsOnSecurity last month has been publicly released online, which will likely lead to numerous attacks using the Internet of Things (IoT) botnet.
The English-language hacking community Hackforums announced the leak of the source code for the malware, which has been dubbed “Mirai.” The malicious code spreads to vulnerable devices by continuously scanning the internet for IoT systems that are protected by either factory default or hard-coded usernames and passwords.
Mirai then seeds these vulnerable devices with malicious software that turns them into bots reporting to a central control server. The bots can then be used in conjunction with one another to launch powerful DDoS attacks that can bring websites offline.
The Hackforums user responsible for releasing the source code goes by the online handle “Anna-senpai” and said they were making it public because of increased scrutiny from the security industry. Anna-senpai explained the decision to leak the source code for Mirai in a post on the forum, saying: “When I first go in DDoS industry, I wasn't planning on staying in it long. I made my money, there's lots of eyes looking at IoT now, so it's time to GTFO. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”
KrebsOnSecurity was made aware by a source that Mirai is one of at least two malware families that are being utilised by attackers to quickly amass large IoT-based DDoS armies. The other strain of malware being used is known as “Bashlight” and functions in a similar way to Mirai, infecting IoT systems via default usernames and passwords.
Systems that have been infected by Mirai or Bashlight can be cleaned by rebooting. Once the system is rebooted, the malicious code is wiped from its memory. However, experts have noted that there is so much continuous scanning for vulnerable IoT systems that they can be reinfected within minutes of a reboot.
In order to protect these systems permanently, it is essential that one changes the default passwords so that they are not reinfected after a reboot.