<div dir="ltr"><a href="http://www.pcworld.com/article/3126362/security/iot-malware-behind-record-ddos-attack-is-now-available-to-all-hackers.html">http://www.pcworld.com/article/3126362/security/iot-malware-behind-record-ddos-attack-is-now-available-to-all-hackers.html</a><br><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span><section class="gmail-page">
<p>The source code for a trojan program that infected hundreds of
thousands of internet-of-things devices and used them to launch
distributed denial-of-service attacks has been published online, paving
the way for more such botnets.</p>
<p>The code for the trojan, which its creator calls Mirai, was released
Friday on an English-language hackers’ forum, cybersecurity blogger
Brian Krebs <a href="https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/">reported</a> over the weekend. Krebs’ website was the target of a record DDoS attack two weeks ago that was launched from the Mirai botnet.</p>
<p>The trojan’s creator, who uses the online handle Anna-senpai, said
that the decision to release the source code was taken because there’s a
lot of attention now on IoT-powered DDoS attacks and he wants to get
out of this business.</p>
<p>Mirai used to enslave around 380,000 IoT devices every day using
brute-force Telnet attacks, according to Anna-senpai. However, after the
DDoS attack against <a href="http://krebsonsecurity.com">krebsonsecurity.com</a>, ISPs have started to take
action and block compromised devices, so the daily rate of Mirai
infections has dropped to 300,000 and is likely to go down even further,
the malware writer said.</p>
<p>It’s worth noting that unlike malware infections on desktop
computers, infections on IoT and embedded devices are usually temporary
and disappear when those devices are rebooted because they use volatile
storage. In order to maintain their size, IoT botnets need to find and
reinfect devices every single day.</p>
<p>The hijacking of home routers, DSL modems, digital video recorders,
network-attached storage systems and other such devices to launch DDoS
attacks is not new. For example, in October 2015, security firm
Incapsula <a href="http://www.pcworld.com/article/2996137/attackers-hijack-cctv-cameras-and-network-attached-storage-devices-to-launch-ddos-attacks.html">mitigated a DDoS attack</a> launched from around 900 closed-circuit television (CCTV) cameras.</p>
<p>However, the IoT DDoS botnets seem to have reached their full
potential over the past few months. After the unprecedented 620Gbps DDoS
attack against Krebs’ website two weeks ago, French server hosting firm
OVH was hit with a 799Gbps DDoS attack launched from a botnet of over
140,000 hacked digital video recorders and IP cameras.</p>
<p>Such a large botnet is capable of launching crippling attacks that could easily exceed 1Tbps, OVH’s CTO warned at the time.</p>
<p>There are very few DDoS mitigation providers in the world who are
capable of protecting customers against 1Tbps attacks. Content delivery
network Akamai, which also offers DDoS protection services, dropped
Krebs as a customer when his website was recently attacked because the
attack was too costly to mitigate.</p>
<p>And things are only going to get worse because the market for IoT
devices is rapidly expanding and many of these devices come with basic
security holes, such as remote administrative interfaces exposed to the
Internet and protected with weak credentials that users never change.</p>
<p>The release of Mirai’s source code is very likely to lead to the
creation of more IoT botnets, and it wouldn’t be the first time. In
early 2015 the source code for LizardStresser, a DDoS bot for Linux
systems written by the infamous Lizard Squad attacker group, was
released online. As of June this year, security <a href="http://www.csoonline.com/article/3090161/security/over-100-ddos-botnets-built-using-linux-malware-for-embedded-devices.html">researchers had identified</a> over 100 botnets built using malware based on LizardStresser.</p>
</section></span><br></div></div></div></div></div></div></div></div></div>
</div>