Stories
Slash Boxes
Comments

SoylentNews is people

Mirai IoT Botnet Source Code Released

posted by janrinok on Monday October 03 2016, @04:09PM   Printer-friendly
from the now-it's-a-battle-for-cameras dept.

takyon writes:

A few hundred thousand cameras want to talk to you:

A hacker has released computer source code that allows relatively unsophisticated people to wage the kinds of extraordinarily large assaults that recently knocked security news site KrebsOnSecurity offline and set new records for so-called distributed denial-of-service attacks.

KrebsOnSecurity's Brian Krebs reported on Saturday that the source code for "Mirai," a network of Internet-connected cameras and other "Internet of things" devices, was published on Friday. Dale Drew, the chief security officer at Internet backbone provider Level 3 Communications, told Ars that Mirai is one of two competing IoT botnet families that have recently menaced the Internet with record-breaking distributed denial-of-service (DDoS) attacks—including the one that targeted Krebs with 620 gigabits per second of network traffic, and another that hit French webhost OVH and reportedly peaked at more than 1 terabit per second. [...] According to Krebs, the Mirai source code was posted to the hacking community HackForums by a user with the handle Anna-senpai. Krebs said the leaker provided the following explanation:

When I first go in DDoS industry, I wasn't planning on staying in it long. I made my money, there's lots of eyes looking at IOT now, so it's time to GTFO. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.

Previously: A Source for Recent DDoS Attacks

Original Submission

 
This discussion has been archived. No new comments can be posted.
Mirai IoT Botnet Source Code Released | Log In/Create an Account | Top | 20 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by EvilSS on Monday October 03 2016, @08:35PM

    by EvilSS (1456) Subscriber Badge on Monday October 03 2016, @08:35PM (#409639)

    That would explain the constant rejections my firewall has been logging on port 23 this year. And here I thought everyone was just going oldschool. I'm currently seeing about 1 per minute or so. Will be interesting to see if that spikes up in the near future.
     
    I swear giving people the internet is like giving a box of hand grenades to a room full of toddlers sometimes. You just no that no good will come of it.

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 1) by gmrath on Tuesday October 04 2016, @11:30AM

    by gmrath (4181) on Tuesday October 04 2016, @11:30AM (#409934)

    Check ATT's ThreatTraq on YouTube. Port 23 sees the bulk of probes, reaching historic levels around 75% of the probes on networks that ATT monitors (millions per second). Port 23 is also the port of choice of things probing networks. Mostly IoT devices with default passwords to backdoors that the end-user doesn't know about, or it seems, care about. According to ATT's folks, this has been going on for quite a while.