Competing hackers dampen the power of Mirai botnets

The Mirai malware has been blamed for a string of massive DDoS attacks

The malware behind last month's massive distributed denial-of-service attack in the U.S. appears to be losing its potency. Ironically, hackers are to blame for diluting its power.  

The malware known as Mirai -- which is now available on the internet -- has become a bit too popular in the hacking community, according to security firm Flashpoint.

Competing hackers have all been trying to take advantage of Mirai to launch new DDoS attacks. To do so, that means infecting the poorly secured internet-connected devices, such as surveillance cameras, baby monitors, and DVRs, that the malware was designed to exploit.

The problem is the malware may have run out of new devices to infect, forcing the hackers to vie for control over a limited resource pool. That competition appears to be stiff.

On Tuesday, Flashpoint said it found that the Mirai malware is probably being used across 52 different networks of enslaved devices, often called botnets.

Many of these hackers are coming up with their own strains of Mirai to fight over the what devices they can infect, Flashpoint analyst John Costello said in an email.

However, that competition is also fracturing Mirai's full power. Newly formed botnets created through Mirai are becoming smaller in size, ever since the source code to the malware was released back in late September.

"Due to these factors, the botnet’s fracturing has significantly lowered the impact, efficacy, and damage of subsequent attacks," Flashpoint said in a blog post.

Hackers also face another challenge to fully exploit Mirai -- the malicious coding has been designed to kick out competing malware.

It does this whenever it spreads to a new device. Mirai will also attempt to lock down the device, shutting off the ports that allowed the infection in the first place, Costello said.  

That feature may be inadvertently contributing to the diminishing power of the malware. For instance, last week, one large Mirai-powered botnet was found attacking IP addresses in Liberia, disrupting business at a local mobile service provider.

But since then, the server controlling the botnet has gone offline, according to a security researcher who goes by the name MalwareTech. Without a master, the Mirai-infected devices will no longer attack, nor can they be overtaken by another malware in most cases.

Only when the devices are rebooted does the Mirai infection clear, Costello said. Competing hackers will then try to quickly reinfect the devices, sometimes within 30 seconds of the device going back online.

"This appears to be the primary means by which vulnerable devices are reinfected and the main method by which botnet ownership has fluctuated over time," he said.

It isn't clear how big these individual Mirai-powered botnets are, but internet backbone provider Level 3 Communications estimated last month that more than 500,000 devices had been infected with the malware.

Security researcher Kevin Beaumont agreed that Mirai-powered botnets appear to be fracturing under the competition. Nevertheless, there are still three or four large Mirai botnets capable of taking down websites, he said. He pointed to online gambling service William Hill, which was likely hit with a DDoS attack and kicked offline by a Mirai botnet last week.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?