
Mirai (malware): Difference between revisions

From Wikipedia, the free encyclopedia
No edit summary
No edit summary
Line 27: Line 27:
The operation of Mirai is well understood because its [[source code]] was published in hacker forums. Since the source code was published, the techniques have been adapted in other malware projects.<ref>{{cite web | url=http://www.itworld.com/article/3132570/hackers-create-more-iot-botnets-with-mirai-source-code.html | title=Hackers create more IoT botnets with Mirai source code | publisher=[[International Data Group|ITWORLD]] | date=October 18, 2016 | accessdate=20 October 2016 | author=Kan, Michael}}</ref>
The operation of Mirai is well understood because its [[source code]] was published in hacker forums. Since the source code was published, the techniques have been adapted in other malware projects.<ref>{{cite web | url=http://www.itworld.com/article/3132570/hackers-create-more-iot-botnets-with-mirai-source-code.html | title=Hackers create more IoT botnets with Mirai source code | publisher=[[International Data Group|ITWORLD]] | date=October 18, 2016 | accessdate=20 October 2016 | author=Kan, Michael}}</ref>


Mirai continuously scans the internet for [[internet of things|IoT]] devices and infects them by using a table of common factory default passwords to log into them;<ref>{{cite web | url=https://securityintelligence.com/news/leaked-mirai-malware-boosts-iot-insecurity-threat-level/ | title=Leaked Mirai Malware Boosts IoT Insecurity Threat Level | publisher=securityintelligence.com | date=October 4, 2016 | accessdate=20 October 2016 | author=Bonderud, Douglas}}</ref><ref>{{cite web | url=http://www.zdnet.com/article/mirai-ddos-botnet-powers-up-infects-sierra-wireless-gateways/ | title=Mirai DDoS botnet powers up, infects Sierra Wireless gateways | publisher=[[ZDNet]] | date=October 17, 2016 | accessdate=20 October 2016 | author=Osborne, Charlie}}</ref> a device then remains infected until it is rebooted, but unless the login password is changed immediately, the device will be reinfected within minutes.<ref>{{cite web | url=https://www.webroot.com/blog/2016/10/10/source-code-mirai-iot-malware-released/ | title=Source Code for Mirai IoT Malware Released | publisher=[[Webroot]] | date=October 10, 2016 | accessdate=20 October 2016 | author=Moffitt, Tyler}}</ref> Mirai includes a table of [[Subnetwork|subnet masks]] that it will not infect, including [[private network]]s and addresses allocated to the [[United States Postal Service]] and [[United States Department of Defense|Department of Defense]].<ref>{{cite web | url=https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html | title=Breaking Down Mirai: An IoT DDoS Botnet Analysis | publisher=[[Incapsula]] | date=October 10, 2016 | accessdate=20 October 2016 | author=Zeifman, Igal | author2=Bekerman, Dima | author3=Herzberg, Ben}}</ref>
Mirai continuously scans the internet for [[internet of things|IoT]] devices and infects them by using a table of common factory default usernames and passwords to log into them;<ref name=webroot/><ref>{{cite web | url=https://securityintelligence.com/news/leaked-mirai-malware-boosts-iot-insecurity-threat-level/ | title=Leaked Mirai Malware Boosts IoT Insecurity Threat Level | publisher=securityintelligence.com | date=October 4, 2016 | accessdate=20 October 2016 | author=Bonderud, Douglas}}</ref><ref>{{cite web | url=http://www.zdnet.com/article/mirai-ddos-botnet-powers-up-infects-sierra-wireless-gateways/ | title=Mirai DDoS botnet powers up, infects Sierra Wireless gateways | publisher=[[ZDNet]] | date=October 17, 2016 | accessdate=20 October 2016 | author=Osborne, Charlie}}</ref> a device then remains infected until it is rebooted, but unless the login password is changed immediately, the device will be reinfected within minutes.<t{{cite web | url=https://www.webroot.com/blog/2016/10/10/source-code-mirai-iot-malware-released/ | title=Source Code for Mirai IoT Malware Released | publisher=[[Webroot]] | date=October 10, 2016 | accessdate=20 October 2016 | author=Moffitt, Tyler}}</ref> Mirai includes a table of [[Subnetwork|subnet masks]] that it will not infect, including [[private network]]s and addresses allocated to the [[United States Postal Service]] and [[United States Department of Defense|Department of Defense]].<ref>{{cite web | url=https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html | title=Breaking Down Mirai: An IoT DDoS Botnet Analysis | publisher=[[Incapsula]] | date=October 10, 2016 | accessdate=20 October 2016 | author=Zeifman, Igal | author2=Bekerman, Dima | author3=Herzberg, Ben}}</ref>

There are hundreds of thousands of IoT devices which use the default settings, making them vulnerable to infection.<ref name=webroot/>


==See also==
==See also==
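
Review bot: In the rewritten paragraph, the Webroot citation after "reinfected within minutes." now opens with <t instead of <ref>, so the {{cite web}} template sits outside any reference tag, followed by a dangling </ref>. As a result the two new <ref name=webroot/> uses (after "log into them;" and at the end of the added "hundreds of thousands of IoT devices" sentence) have no definition to resolve to. Change the opening to <ref name=webroot> so the existing Webroot {{cite web | url=https://www.webroot.com/blog/2016/10/10/source-code-mirai-iot-malware-released/ ...}} defines the named reference that the other two uses invoke.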

Revision as of 03:46, 23 October 2016

Mirai
Original author(s): Anna-senpai
Repository
Written in: C (agent), Go (controller)
Operating system: Linux
Type: Botnet
Website: github.com/jgamblin/Mirai-Source-Code

Mirai is malware that turns computer systems into remotely controlled botnets that can be used in large-scale network attacks. It primarily targets online consumer devices such as remote cameras and home routers.[1] The Mirai botnet has been used in some of the largest and most disruptive distributed denial of service attacks, including an attack on computer security journalist Brian Krebs's web site, and the October 2016 Dyn cyberattack.[2][3]

The operation of Mirai is well understood because its source code was published in hacker forums. Since the source code was published, the techniques have been adapted in other malware projects.[4]

Mirai continuously scans the internet for IoT devices and infects them by using a table of common factory default usernames and passwords to log into them;[5][6][7] a device then remains infected until it is rebooted, but unless the login password is changed immediately, the device will be reinfected within minutes.[5] Mirai includes a table of subnet masks that it will not infect, including private networks and addresses allocated to the United States Postal Service and Department of Defense.[8]

There are hundreds of thousands of IoT devices which use the default settings, making them vulnerable to infection.[5]

See also

References

  1. ^ Biggs, John (Oct 10, 2016). "Hackers release source code for a powerful DDoS app called Mirai". TechCrunch. Retrieved 19 October 2016.
  2. ^ Hackett, Robert (October 3, 2016). "Why a Hacker Dumped Code Behind Colossal Website-Trampling Botnet". Fortune.com. Retrieved 19 October 2016.
  3. ^ Newman, Lily Hay. "What We Know About Friday's Massive East Coast Internet Outage". WIRED. Retrieved 2016-10-21.
  4. ^ Kan, Michael (October 18, 2016). "Hackers create more IoT botnets with Mirai source code". ITWORLD. Retrieved 20 October 2016.
  5. ^ a b c Moffitt, Tyler (October 10, 2016). "Source Code for Mirai IoT Malware Released". Webroot. Retrieved 20 October 2016.
  6. ^ Bonderud, Douglas (October 4, 2016). "Leaked Mirai Malware Boosts IoT Insecurity Threat Level". securityintelligence.com. Retrieved 20 October 2016.
  7. ^ Osborne, Charlie (October 17, 2016). "Mirai DDoS botnet powers up, infects Sierra Wireless gateways". ZDNet. Retrieved 20 October 2016.
  8. ^ Zeifman, Igal; Bekerman, Dima; Herzberg, Ben (October 10, 2016). "Breaking Down Mirai: An IoT DDoS Botnet Analysis". Incapsula. Retrieved 20 October 2016.