The code behind the giant IoT botnet that launched the biggest DDoS attack in history has just been released by its author.
The hacker, also known as Anna-senpai, published the source code on Friday on Hackforums, facilitating future attacks on other IoT networks.
“When I first go [sic] in DDoS industry, I wasn’t planning on staying in it long,” the hacker wrote in the forum post. “I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO.”
The 620 Gbps attack on KrebsOnSecurity seems to have been carried out by 145,000 IoT devices infected with the Mirai DDoS Trojan. The malware targets Linux and IoT infrastructures “by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords,” explains Brian Krebs.
“With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act,” explained the hacker. “Today, max pull is about 300k bots, and dropping.”
Following a personal inquiry, Krebs announced that two of the preferred malware families for IoT exploits are Mirai and Bashlight. Despite speculation that it might be a trap, Krebs believes the code is available for download to cover the trail leading to the original author and confuse law enforcement.
Since this hack should shed even more light on IoT risks and exploits, users could finally learn a thing or two. First of all, researchers have explained that, in Krebs’ case, the devices were hacked because they had default or weak usernames and passwords, which allowed the malware into the system.
There is no clear strategy to prevent IoT infrastructures from getting hacked, but users can at least change default credentials, including on the Wi-Fi. However, this may not be enough due to the additional vulnerabilities in the devices. This is where manufacturers and ISPs come in, to secure devices against the malware families targeting IoT.