It’s only been a few weeks since hackers hijacked more than 1 million Internet of Things devices to launch a record-breaking Distributed Denial of Service (DDoS) attack against the website of cybersecurity reporter Brian Krebs.
Now, the malware that powered the unprecedented attack has been released online for anyone to use.
A link to the malware code, first spotted by Krebs, was posted in the criminal hacker site Hackforum by a user named “Anna-senpai,” who dubbed the malware “Mirai.” The malware is designed to infect Internet of Things (IoT) devices that haven’t changed their default usernames and passwords—a common occurrence in the frighteningly poor security used by IoT products like web cams, “smart” refrigerators, and other internet-connected home appliances. Once assembled, these massive armies of zombie devices can be controlled from a central server, where they are typically leased out to other criminal hackers to launch DdoS attacks against target websites.
“When I first go in DDoS industry, I wasn’t planning on staying in it long. I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO,” Anna-senpai wrote. “So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”
“So, I am your senpai, and I will treat you real nice, my hf-chan,” Anna-senpai added, cheekily using the Japanese honorific for a fellow classmate.
It’s unclear why the malware’s authors chose to dump the code online, since the ability to grow botnets can be a big moneymaking asset in the criminal hacking world. But Anna-chan’s Hackforums post seems to suggest that spreading the malware code around is a way for its creators to confuse attribution attempts, now that the Krebs DDoS attack has brought increased attention.
“Miscreants who develop malicious software often dump their source code publicly when law enforcement investigators and security firms start sniffing around a little too close to home,” Krebs writes. “Publishing the code online for all to see and download ensures that the code’s original authors aren’t the only ones found possessing it if and when the authorities come knocking with search warrants.”