Friday, December 9, 2016

Rise of the Mirai Botnet

Image result for botnet 





Mirai Botnet is the one which you might have heard that kicked dyn out of gear.
Thats right it is indeed the recruiter of an army of zombies ie. unsecured Internet Connected devices.

Internet connected devices such as your computer, router, webcam etc are all vulnerable to this malware.

The malware follows a simple strategy of compromising the internet connected devives by

Take Over the Device

using the default username and password of the device to gain access and add it to its army.
It also uses BruteForce Dictionary attack to gain passwords.

Clear the hurdles

Mirai also kills any existing malwares on the devices, so that it maximizes its potential. It also prevents
remote login so that it can not be stopped in the middle of the attack.

Execute


Once Mirai is in control of the device it waits for commands to be executed by the central server.


The Do-Not List:
It also has a list which it refrains from scanning.(for unknown purpose or to prevent from gaining attention.)

Once the botnet has enough devices in its army, it begins attacking the target via DDOS.



How to Prevent Mirai.?

Change your default/ weak password of your devices.

Disable remote logging/ wan . (if not used.)


Attack on DYN.
DYN is a DNS management systems which helps in the lookup of the the domain names to the IP addresses.
Since this DNS infra was attacked by mirai botnet the DNS lookupsites like amazon, twitter and many other sites were unable to access to the consumers.

The attack was mitigated by using scrubbing services (the traffic is rerouted to new servers or data centers which identifies fake trafficfrom the real one)
On rebooting the devices, the attack can be stopped.

The source code has been released on one of the hacker forums,
https://github.com/jgamblin/Mirai-Source-Code

 

No comments: