Competing hackers dampen the power of Mirai botnets

The Mirai malware has been blamed for a string of massive DDoS attacks

The malware behind last month's massive distributed denial-of-service attack in the U.S. appears to be losing its potency. Ironically, hackers are to blame for diluting its power.  

The malware known as Mirai -- which is now available on the internet -- has become a bit too popular in the hacking community, according to security firm Flashpoint.

Competing hackers have all been trying to take advantage of Mirai to launch new DDoS attacks. To do so, that means infecting the poorly secured internet-connected devices, such as surveillance cameras, baby monitors, and DVRs, that the malware was designed to exploit.

The problem is the malware may have run out of new devices to infect, forcing the hackers to vie for control over a limited resource pool. That competition appears to be stiff.

On Tuesday, Flashpoint said it found that the Mirai malware is probably being used across 52 different networks of enslaved devices, often called botnets.

Many of these hackers are coming up with their own strains of Mirai to fight over the what devices they can infect, Flashpoint analyst John Costello said in an email.

However, that competition is also fracturing Mirai's full power. Newly formed botnets created through Mirai are becoming smaller in size, ever since the source code to the malware was released back in late September.

"Due to these factors, the botnet’s fracturing has significantly lowered the impact, efficacy, and damage of subsequent attacks," Flashpoint said in a blog post.

Hackers also face another challenge to fully exploit Mirai -- the malicious coding has been designed to kick out competing malware.

It does this whenever it spreads to a new device. Mirai will also attempt to lock down the device, shutting off the ports that allowed the infection in the first place, Costello said.  

That feature may be inadvertently contributing to the diminishing power of the malware. For instance, last week, one large Mirai-powered botnet was found attacking IP addresses in Liberia, disrupting business at a local mobile service provider.

But since then, the server controlling the botnet has gone offline, according to a security researcher who goes by the name MalwareTech. Without a master, the Mirai-infected devices will no longer attack, nor can they be overtaken by another malware in most cases.

Only when the devices are rebooted does the Mirai infection clear, Costello said. Competing hackers will then try to quickly reinfect the devices, sometimes within 30 seconds of the device going back online.

"This appears to be the primary means by which vulnerable devices are reinfected and the main method by which botnet ownership has fluctuated over time," he said.

It isn't clear how big these individual Mirai-powered botnets are, but internet backbone provider Level 3 Communications estimated last month that more than 500,000 devices had been infected with the malware.

Security researcher Kevin Beaumont agreed that Mirai-powered botnets appear to be fracturing under the competition. Nevertheless, there are still three or four large Mirai botnets capable of taking down websites, he said. He pointed to online gambling service William Hill, which was likely hit with a DDoS attack and kicked offline by a Mirai botnet last week.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?