Return Of Mirai Botnet | Avast

David Strom, 27 November 2020

News on the (malicious) gift that just keeps on giving



Remember Mirai? This four-year-old botnet was the scourge of the internet and was used as the launching pad for numerous DDoS attacks. Back in 2016, the botnet disrupted a German ISP, Liberia’s entire internet connection, the Dyn.com DNS services (now owned by Oracle), and Brian Krebs’ website.
It was unique because it collected more than 24,000 IoT devices, including webcams, numerous home routers and other embedded devices. Its size was also significant: when Krebs was targeted, it was the largest series of DDoS attacks to date, with five separate events directing more than 700B bits per second of traffic at his web server.
Since those days, Mirai has continued to gain notoriety. Its source code was released on GitHub shortly after these first attacks in 2016, where it has been downloaded thousands of times and has formed the basis of a DDoS-as-a-service offering for criminals. Months later, Krebs described how he uncovered the true identity of the leaker. We blogged about it back in 2018, when Avast researchers came across a new strain called Torii. It had more stealth components and was used to steal information rather than coordinate DDoS attacks. Torii also expanded the botnet sources beyond IoT devices to include a wide range of operating systems and chipsets to abuse. Eventually,