Hackers Battle For 3 Million Strong Mirai Botnet

Author: Brian Karas, Published on Nov 28, 2016

Mirai-infected devices have become so large and so prevalent that multiple hackers are now fighting each other to control these devices.

This war has both made Mirai wider-spread, but less powerful for any given attack, and may lead hackers to search for new vulnerabilities in cameras and recorders to grow their botnet army.

In this report we look at the latest status of Mirai, and how it is expected to evolve into 2017.

*****-******** ******* **** ****** ** ***** *** ** ********* **** multiple ******* *** *** ******** **** ***** ** ******* ***** devices.

**** *** *** **** **** ***** *****-******, *** **** ******** for *** ***** ******, *** *** **** ******* ** ****** for *** *************** ** ******* *** ********* ** **** ***** botnet ****.

** **** ****** ** **** ** *** ****** ****** ** Mirai, *** *** ** ** ******** ** ****** **** ****.

[***************]

3 ******* ******

***** *** **+ ******** ******* (**** ****** *** ** ********* hackers), **** **** * ******* ******** ******* **********, *** ~***,***+ participating ** ******* ** *** ***** ***, ********* ** ************** ****, *** ** * ****** ********** ** *** **, *** tracks *** ****** ** *****-***** ******* ********* *****.

***** *** ** ********** ******** ******* ***** **** ************ ********, including *** ** *** ******:

Popularity ****** ********** *****

** **** ***** ******* **** ****** ** **** *** *********** of ***** ******* *** ******** **** ***** *** ******* ** vulnerable *******. **** ******** ************* ********, ** *** ********** **** **** ****** *********** ***** popup, ***** *** ********. **** *** **** *********** *** *** way **** ***** ****** *** ********* ********* *** *** ******** attack. * *********** ******* ** *********** **** ****** ********* *** ******** ********* **** ***** ** try *** **** ******** ********* ******* *** **** ******* ** more *******:

*** ******** ********* ** *** *** ***** ******’* ********* **** even ******** ** ******* ***** **** ******* ** **** ***** to *** ** **** ** ******.

*********** **** **** *********** **** ******* ******* ** ****** *********, *** *** ** ** ********* ***

** ***** *** ***** ******* ** ****** *****-***** **** ******* successfully — **** ** ***** **’** **** ******* *****, ***, and *** — **** **** **** ** ********** *********** *** are ***** ** ******* *** **** **** ** *******. ****** not **********, ********** **** *********** ** * ************ ********* *** so ***, *** *** ****** ********* ******* ** ** ********* with *** **** *****-** *********** *** *** ****** *** ********** devices.

98 ******* ** *********

**** ******** ****** ***** *** ******** *** ***** *********** *******, this ******* **** ** ******** ***** **** ********** ******* **** be ******** ****** ******* ** ***** ******* **. *** ********** purchased * ******, ************ ** ********, ** ****** *** *** purposes ** ******** *** ***** ** *********** *** ******** ******** ** ** *******.******** ******* **** ** ******** ****** **** *** ******* ****** a ******, *** ********** ******* ******* ***** ******* ** *** *** *************** **** led ** *****.

Mirai ***** ** ******

*** ** *** *** ***** *****, *********** * ***** **** of *** ******* **** **** **** ***** ******** ******, ** is **** *** ********* ** ****** *** ****** **** **** new ******** ** *************. **** ******* ******* ****, ******* **** the *** *** * ********** ******* ****** ** *********, **** cause *** ****** **** ** ****** ** ** **** ** infect ******* ********** ******. **** ***** ** **** ** ********* the ********/******** **** ** ******* **** **** **** ******* *********, but **** **** ****** *********. *** **** ***** **** ****** to **** **** ***** *** **** ****** **********, ** ****** devices ******* ****** ** ***-******** *****.

Outlook *** ****

** *** *** *** ******* ******-******** ****** **** *****, *** will ****** *** ********* *******, ** *****-***** ******* **** *** carried *** *** ****** ******* ** ****. *** **** ** renting *** * ****** *** ****** *** ****, *** ** competition **** *** ******** ********* ********* **** **** ***** *** this ********, ******* ** **** ******* ** *****-******* *******. ** operators ****** ** **** * *** ***** ** ******* ** infect ** ***** ****** ***** ** ******** ******-******** ******, ********** to * **** ***** ******** **** ******.

Comments (10)

**** ** * ****** *********** *******, ***** ***. ** ******** in ****** ** ** **** *******, ** ***** **** **** that *** ** **** ** ******* **** **** ** ***** from *********? *** *** *** **** *** ** *** *** for ** ****, *** ***** ** **** ******** *** ************ (irony?) ************* *** ***** ********, **** * *** ** *** to ***** ***** ** ***/****** ****. *** *** *** ** avoid ****** ******** **** *** ** *******, *** ****** *** vulnerabilities ***** ****, *** * ****** ***********.

**** * ******* ******** ********** ***** *** ********* **** ********/*****/********/********/*** that *** ****** *** **** **** ******* *******, ******* **** botnet ******** ******* **** ************* ***, *** ***** ***** ** high ****** ********** ******** *** *** ** *** ************** ** dollars ***** *****.

** *** *******, ****** ********* ***** ** * **** *** to * ***** ***** ** ***** *******, *** ** *** know ****'* * **** ******. ****** *** *** ******** *** entire ************ ******** ****** ******** (*** ****).

** ******** ** ****** ** ** **** *******, ** ***** even **** **** *** ** **** ** ******* **** **** of ***** **** *********?

* ***** ***** *** * *** ****** **** *** **** and **** ****** *** *******:

  • ************* *** ******* ****** *** *** ** ******* (** ** fair, ** ***** **** **** ** **** **** ****** ***).
  • **** ************** ******* ***** ** ******* ** *** ***** ****** login ** * ****** ******** *** *** **** *** (**** would ***** ***** ***** *** *****/*************, *** **** ****** ****** until * ****** ******** *** ****).
  • ********** *** **** ** *** ********** ****** *****, *** **** putting ******** ** ***-******** *****. ***** ***-******** ***** ***** ** slightly ****** ** **** *** ******** ** **** ******* **** can ** ******* ******.
  • ******** ******* *** ** **** ** **** ** *** ************ process ** ****** ******** *** ******* ****** ****, ***** ** most ***** ****** **** ******* ***************, ****** ** ** ****** possible **** *** *************** **** **** **********, *** **** ****** be ****.
  • ********** *** **** ****** *** ********* ******** ***** ** ***** ability ** ** *******, *** *** ****** ****** * **** track ****** ** ********** ** *** ****** ******** ****** *******.

************* ***** **** * **** **** ** ******** ****** ************** if **** **** ******* ** **** ** * ********, *** willing ** ****** ****** ****** **** ******** **** ****** *******, by ****** ****** **** ************.

**** *** *********, **** ** *********, **** **** ****** ****** boot ************* **** ***** *****, *** ** **** *** ****** that ******** ************* *** ***** ******** **** **.

** *****, ****** **** *** ** ******** ** ****** **** even ** ** ******** ***** **** ****** ** * **** shell, **** ***** *** ****/*** ************ ****.

****** **** ***** **** ** ******* ****** ** ********* **** difficult ** ****** ******'*, ** *** ******* ***** *** **** download ******** ** **** *** ******/******** ** ******** **** ****. This ** ******* ******* ** ******* ** *** ** ****** cannot *** ******** **** *** *** **** ********** ****** ** Apple, ******* **** ************* **** **** ***** *** **** ** give ** *** ******* ** *** *** ***** **** ** their *******.

**** **** ******, ******** ******** **** ** **** ****** *** goes ******* ********** ************** ********* ***** **** **** ****** ** the ************* ** ********** ****, *** *** ****** ***** ** significantly ********* ********, *** ************, ** ********* *** *******. ***, the ************* *** **** ****** ** *** **** ** ** there ** ********* ******* ** ***** **, ****** ** ********* requesting **, ** *** ******* ********* ** ****** ******* ******** significant.

*** ******* ********** * *** ***** ** **** ********, *** my ******** ** ***** * *** ** *** ******* **** are **** ** ***** ******* ******** ******** ****** *******?

**** **** **** **** ***********, *** **** ** ***** ***********, extra ***** ***** ** ******** ** *********, *** ******** ** on, *** *** **** ******** ********** **** ***** *** ********* video **** ****** ******'* **** ** *** ***** *******?

**** * ************* **********, **** **** ******* **** ********** * think * **** ** ****, **** * *** ******** ****** for ************* ****** **; *********** (****!)

*** ******* ********** * *** ***** ** **** ********, *** my ******** ** ***** * *** ** *** ******* **** are **** ** ***** ******* ******** ******** ****** *******?

***, ** ** **** ****** * *** ** **** *** consumer/DIY ********, * **** ****** *** ********* *********** ******* ** is ******** ****. * *** **** ********** ******* **** *********** for ***-*****, *** * ***** *** ******* ** **** **** few ***-***** *** ***** ****** ** ** ******** ** *** first *****, *** ***** **** *** ***** ******* **** ****** best *********.

**** ************** ******* ***** ** ******* ** *** ***** ****** login ** * ****** ******** *** *** **** *** (**** would ***** ***** ***** *** *****/*************, *** **** ****** ****** until * ****** ******** *** ****).

***, ******'* ***** ****:****** ******** ** ******* ******** *********...

*** ******* **** **** ******** ** ***** ** **** ***** are ******** ** ********* ** ***** ******* **** *** ******* out ***** *** **** **** *** ** ******* *** ** ignorance ** *** *******, *** ******* ** ******* *** *************, or **** *** ******. *** **** ******** **** ** *** last **** ** **, *** ************* *** ********* ** ******* the ****** ***** ** ***** ********* ** *** *******. **** botnet **** ******** ** ******** *** ** *** *** ******* that **** *** ** *******, *** *** ** *** ******* being ********* ***** ** **** ****** *** **** ******* ******.

*** ***** ******** *********? *** ****** **** ***** ** ******** to **** (*******) **** *** ******? ** * ******** ************* to **** ******** ***** (******) *** **'* *** ******? **, I ***'* **** *** ** ** ****. **** ***** ** honest ********. ** ** **** ******* *********. ** **, ***** does *** **** **?

**** *** *** ********** ** ******* ********* **** ****** ******** firewall *******, ** ** **** ***** ******* ***** *** "*********" IP ******, ***** *** *** ******** ***** ****** ******** *** establish * ******* ********** ** *** ******. *** ******** ** this ** **** ** ***** ****** *** ****** **** **** more *********** (****** *** ************, ** **** ***** ******, ******** a ***** ******/***** *******). * *** **** ** ********* ** the ** ******* ** *** ****** ****** **** ******* *** some ******, ***** ** *** ******** *** *********** *****/*** ********.

****** *** *** *******.

** ******** *** ***** ** *** *** ****** ******* ******* access. ** ***** ******. *** **** **...

** *** ****** **** (*** *** ******* ********* **** * single ****** ** ***) * ******** *** **** *** ******* in ***** *** **** ******* *** ******. **** ********* **'* mission? **** ***** ** ** **** **** *********** ******** ** the ****** ** **** ******* ******* *** ******** ****** * large **** ** *** ******* ********** ** *** ****.

*** * ***** ******** ******* *** * ********** ******* ** minimize *** ******* ***** ********* **** ********* ***** ***** *** one **** ***** ******** **** **'* ****** ** *** *****.

*** ******* **** *'** **** ***** *** ****** ** *** infection **** **** **** *** ****** ***** ******* * ******, it ******* *** ********** **** *** **** ***** ******** ** memory. ***** ******* *** ****** ***** ****** *** ****** *****, but ****** ******** *** ***** ** ******* ** ****** ******** back ** ** **** **** ****** ** ******** ***** ****** minutes.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Hacking

Last Day - IP Networking Course May 2017 on Apr 26, 2017
Today is the last day to register for the May IP Networking Course. This is the only networking course designed specifically for video...
Chinese 'Attacking Us From Every Direction', Says US FBI on Apr 25, 2017
"Chinese eating our lunch. Attacking us from every direction" said the US FBI's Deputy Director Andrew McCabe at the ASIS 2017 CSO Summit. .@FBI...
Dahua Manager: Lots of Backdoors Beyond Dahua or Hikvision on Mar 29, 2017
A Dahua technical manager has fired back at criticisms of Dahua's backdoor, posting publicly what many at Dahua have privately been saying for the...
Uniview Weak Local / Strong Remote Password Policy Tested on Mar 14, 2017
With the continuing onslaught of cyber-security breaches (see Dahua backdoor recently discovered, Hikvision defaulted devices getting hacked)...
Genetec Comments on Washington DC MPD Hack on Mar 13, 2017
This January, the Washington DC police video surveillance system was hacked with ransomware, impacting 123 of 187 cameras. Last month, IPVM...
Hikvision New Security Vulnerability on Mar 12, 2017
Hikvision has disclosed a new security vulnerability that affects 200+ of their IP cameras over the past few years. In this note, we examine the...
FLIR Responds to Dahua Backdoor on Mar 10, 2017
FLIR is the first Dahua OEM partner to issue a statement following Dahua's backdoor disclosure: Certain FLIR and Lorex branded products that...
Hikvision Firmware Decrypted on Mar 09, 2017
A developer has decrypted Hikvision's firmware, allowing examination of Hikvision's device source code and contents. In this report, we overview...
Dahua Backdoor Uncovered on Mar 06, 2017
A major cyber security vulnerability across many Dahua products has been discovered by an independent researcher, reported on IPVM, verified by...
Who Is Hacking Hikvision Devices? on Mar 06, 2017
Someone or organization is mass hacking Hikvision devices, actively and systematically running a script / program across the Internet that looks...

Most Recent Industry Reports

Avigilon Discontinuing Rialto Analytics Line on Apr 27, 2017
Avigilon is informing dealers/partners that the legacy VideoIQ Rialto products have been discontinued, recommending the newer ACC ES Analytics...
A Marketing Home Run For Knightscope - Man Attacks Robot on Apr 27, 2017
We criticize Knightscope regularly - their lack of revenue, their trying to fool mom 'n pop investors, their associating themselves with a clueless...
The World's First Fashion IP Camera From Amazon on Apr 27, 2017
Some analytics cameras can tell you if a person is jumping a fence, or loitering in a secure area, but none of them can tell you if the person...
Last Day - IP Networking Course May 2017 on Apr 26, 2017
Today is the last day to register for the May IP Networking Course. This is the only networking course designed specifically for video...
Hikvision EZVIZ Amazon Scam Revealed on Apr 26, 2017
Hikvision is violating US Federal Trade Commission guidelines and Amazon rules with a "Honest" Review Program scheme that provides gift cards to...
Anixter CEO Admits Price Deflation and Non-Exclusive Integrator Sales on Apr 26, 2017
Anixter's CEO has admitted to (1) price deflation impacting IP camera sales and (2) not always being 'exclusive' with security integrators. In...
Xandem Next Gen Intrusion Tested on Apr 26, 2017
Xandem's "full coverage motion tracking technology" is unlike any intrusion technology we have seen. We bought their new system and tested it...
Tri-Ed Favorability Results on Apr 25, 2017
Tri-Ed, owned by Anixter, far outranked Anixter, the lowest ranked company in our distributor favorability series. Still, Anixter's ownership did...
Eagle Eye Exec On Mountain Of Servers - VSaaS Growth Analysis on Apr 25, 2017
Eagle Eye VP of Operations, Hans Kahler, posted a picture of himself sitting on top of a shipment of new servers, as a testament to the companies...
Chinese 'Attacking Us From Every Direction', Says US FBI on Apr 25, 2017
"Chinese eating our lunch. Attacking us from every direction" said the US FBI's Deputy Director Andrew McCabe at the ASIS 2017 CSO Summit. .@FBI...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact