Download the Mirai source code, and you can run your own Internet of Things botnet

Hijacking millions of IoT devices for evil just became that little bit easier.

Graham Cluley

Download the Mirai source code, and you can run your own Internet of Things botnet

Fancy running your own botnet, hijacking control of Internet of Things (IoT) devices such as internet-enabled CCTV cameras and routers to bombard websites with distributed denial-of-service attacks?

Well, it’s just been made that little bit easier for you, with the release of the source code of Mirai, a family of malware capable of rapidly recruiting an army of poorly-protected devices and then commanding to launch attacks.

Security blogger Brian Krebs reports:

EmailSign up to our newsletter
Security news, advice, and tips.

The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords.

Vulnerable devices are then seeded with malicious software that turns them into “bots,” forcing them to report to a central control server that can be used as a staging ground for launching powerful DDoS attacks designed to knock Web sites offline.

Just such an attack knocked Krebs’ website offline at the end of last month with what is thought to have been one of the largest DDoS attacks ever seen, after he exposed information about the inner-workings of vDOS, a DDoS-for-hire service.

Millions of new IoT devices are being plugged into the net every day, and many of them will have weak security just waiting to be exploited by online criminals. The flaws can range from shipping with default passwords that users never bother to change, to weak or non-existent encryption, to no infrastructure for updating devices if a vulnerability is found at a later date.

As I explain in the video below, an internet of things which doesn’t treat security and privacy as a priority puts all of us at risk.

The Internet of insecure Things | Graham Cluley

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

5 comments on “Download the Mirai source code, and you can run your own Internet of Things botnet”

  1. MeMyselfAndI

    Where's the beef, i.e., the torrent link, man?

  2. Mike Hunt

    I wouldn't have minded reading the entire article, looking for Mirai, if your title hadn't been: "Download the Mirai source code, and you can run your own Internet of Things botnet" SERIOUSLY?

  3. Kuku

    WTF?? What a cheat. It says "download" ??? Where is the link?? Come on,- Really???

  4. Khalil Bhatti

    WTF…where is the Mirai source code???

    1. Anonimus · in reply to Khalil Bhatti

      WTF where its download link?

Comments are closed.