Mirai (malware)

from Wikipedia, the free encyclopedia
Mirai
Basic data

Developer: pseudonym "Anna-Senpai"
Operating system: GNU/Linux
Programming language: C, Go
Category: Development of bot networks (malware)
License: free
German-language: No
github.com/jgamblin/Mirai-Source-Code

Mirai (Japanese 未来, "future") is Linux malware that enables botnets to be built. Such botnets can be used, for example, to organize targeted attacks that deliberately overload networks with traffic from other systems (Distributed Denial of Service, DDoS). The name Mirai was derived from the manga and anime series Mirai Nikki.

Structure and effect

Mirai takes advantage of the fact that more and more everyday objects such as routers, CCTV surveillance systems, digital video recorders or televisions are connected to the Internet (IoT, Internet of Things). The software scans the network for security gaps in such devices running their factory-installed operating software and then tries to install malicious code on them.

Distribution

Security services report that Mirai services form the basis of the current "DDoS-for-hire booter/stresser service". With relatively little computing power of their own, hackers offer DDoS attacks against any target in exchange for payment in Bitcoin.

The original Mirai bot network comprised around 500,000 compromised IoT devices worldwide in 2016. China, Hong Kong, Macau, Vietnam, Taiwan, South Korea, Thailand, Indonesia, Brazil and Spain show a particularly high density of infected devices.

Continuous monitoring of the bot network, which is presented on a live map, shows that over three million devices have already been caught up in the bot network. It was also revealed that hackers were offering a botnet with 50,000 infected devices for rent.

Known uses

At the end of September 2016, three young people in Alaska attacked several websites using Distributed Denial of Service (DDoS). The original targets of their attack were Minecraft servers. Further attacks followed in 2017 and 2018, including on the largest Minecraft network, Hypixel.

However, many other companies were affected, including the telecommunications provider OVH in France and the website of IT security journalist Brian Krebs. Around one million Internet of Things applications were involved in the attack. The member with the pseudonym Anna-senpai distributed a link to the Mirai source code on the Hackforums platform.

Large-scale DDoS attacks on the Dyn company followed on October 21, 2016, leaving many websites inaccessible for hours.

At the beginning of November 2016, shortly before the US presidential election, attempts were made to bring heavily used web services such as Twitter, Spotify and Amazon to a standstill using Mirai via the Internet service provider Dyn.

At the beginning of November 2016 it became known that Internet access in Liberia was temporarily paralyzed, which was suspected to be a test run.

According to the findings of the attacked company Telekom Deutschland, the bot network was also used in the cyber attack on DSL routers on November 27, 2016.

Combat

According to researchers, a computer worm called a nematode, which searches for vulnerable devices and changes their standard passwords, thus protecting them from Mirai, could be used to combat a Mirai botnet. Since this would also involve unauthorized intrusion into computer systems, this countermeasure would very likely be illegal in many countries, for example in Germany, and could deny the owners of the devices access.
