Competing hackers dampen the power of Mirai botnets

The Mirai malware has been blamed for a string of massive DDoS attacks

The malware behind last month's massive distributed denial-of-service attack in the U.S. appears to be losing its potency. Ironically, hackers are to blame for diluting its power.  

The malware known as Mirai -- which is now available on the internet -- has become a bit too popular in the hacking community, according to security firm Flashpoint.

Competing hackers have all been trying to take advantage of Mirai to launch new DDoS attacks. To do so, that means infecting the poorly secured internet-connected devices, such as surveillance cameras, baby monitors, and DVRs, that the malware was designed to exploit.

The problem is the malware may have run out of new devices to infect, forcing the hackers to vie for control over a limited resource pool. That competition appears to be stiff.

On Tuesday, Flashpoint said it found that the Mirai malware is probably being used across 52 different networks of enslaved devices, often called botnets.

Many of these hackers are coming up with their own strains of Mirai to fight over the what devices they can infect, Flashpoint analyst John Costello said in an email.

However, that competition is also fracturing Mirai's full power. Newly formed botnets created through Mirai are becoming smaller in size, ever since the source code to the malware was released back in late September.

"Due to these factors, the botnet’s fracturing has significantly lowered the impact, efficacy, and damage of subsequent attacks," Flashpoint said in a blog post.

Hackers also face another challenge to fully exploit Mirai -- the malicious coding has been designed to kick out competing malware.

It does this whenever it spreads to a new device. Mirai will also attempt to lock down the device, shutting off the ports that allowed the infection in the first place, Costello said.  

That feature may be inadvertently contributing to the diminishing power of the malware. For instance, last week, one large Mirai-powered botnet was found attacking IP addresses in Liberia, disrupting business at a local mobile service provider.

But since then, the server controlling the botnet has gone offline, according to a security researcher who goes by the name MalwareTech. Without a master, the Mirai-infected devices will no longer attack, nor can they be overtaken by another malware in most cases.

Only when the devices are rebooted does the Mirai infection clear, Costello said. Competing hackers will then try to quickly reinfect the devices, sometimes within 30 seconds of the device going back online.

"This appears to be the primary means by which vulnerable devices are reinfected and the main method by which botnet ownership has fluctuated over time," he said.

It isn't clear how big these individual Mirai-powered botnets are, but internet backbone provider Level 3 Communications estimated last month that more than 500,000 devices had been infected with the malware.

Security researcher Kevin Beaumont agreed that Mirai-powered botnets appear to be fracturing under the competition. Nevertheless, there are still three or four large Mirai botnets capable of taking down websites, he said. He pointed to online gambling service William Hill, which was likely hit with a DDoS attack and kicked offline by a Mirai botnet last week.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Father’s Day Gift Guide

Brand Post

Bitdefender 2019

Bitdefender’s best-in-class security solutions have been awarded Product of the Year. Get cybersecurity that 500 MILLION users already have and trust!

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?