IoT devices threatened by new DDoS source code

The source code that powers the IoT botnet responsible for a massive DDoS attack against security blogger KrebsOnSecurity last month has been publicly released. Dubbed Mirai, the malware code scans the internet for vulnerable devices that are protected by factory default usernames and passwords.

According to Krebs, this “virtually guarantee[s] that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.”

Mirai can harness many attack vectors, including UDP, DNS and HTTP floods, as well as GRE IP and Ethernet floods.

According to ArsTechnica, Internet backbone provider Level 3 Communications has identified IP cameras manufactured by Dahua as one of the most commonly compromised devices currently making up the botnets. The company also highlighted a line of digital video recorders using the H.264 format; however, the manufacturer is unknown at this point.

Level 3’s chief security officer Dale Drew told Ars that the release of this source code will enable a surge in botnet operators using Mirai to compromise consumer and small-business IoT devices.

“This could be the start of a surge of attacks against IoT devices in the consumer space,” he said.

“Soon we may see DDoS attacks that are capable of taking down major portions of the Internet, as well as causing brownouts, creating intolerable latency, or making the Internet unusable,” said Stephen Gates, chief research intelligence analyst at NSFOCUS, in a comment to The Register.

According to experts, infected systems can be cleaned up with a hard reboot, which wipes the malicious code from memory. However, with botnets scanning for vulnerable devices so regularly, it is possible for IoT devices to be re-infected within minutes of rebooting.

Therefore, it is recommended that upon rebooting, the user change the admin/password from the default setting to something more secure. It is also recommended that the user change the default SSID and network access passwords.
