Hackers Battle For 3 Million Strong Mirai Botnet

Author: Brian Karas, Published on Nov 28, 2016

Mirai-infected devices have become so large and so prevalent that multiple hackers are now fighting each other to control these devices.

This war has both made Mirai wider-spread, but less powerful for any given attack, and may lead hackers to search for new vulnerabilities in cameras and recorders to grow their botnet army.

In this report we look at the latest status of Mirai, and how it is expected to evolve into 2017.

*****-******** ******* **** ****** ** ***** *** ** ********* **** multiple ******* *** *** ******** **** ***** ** ******* ***** devices.

**** *** *** **** **** ***** *****-******, *** **** ******** for *** ***** ******, *** *** **** ******* ** ****** for *** *************** ** ******* *** ********* ** **** ***** botnet ****.

** **** ****** ** **** ** *** ****** ****** ** Mirai, *** *** ** ** ******** ** ****** **** ****.

[***************]

3 ******* ******

***** *** **+ ******** ******* (**** ****** *** ** ********* hackers), **** **** * ******* ******** ******* **********, *** ~***,***+ participating ** ******* ** *** ***** ***, ********* ** ************** ****, *** ** * ****** ********** ** *** **, *** tracks *** ****** ** *****-***** ******* ********* *****.

***** *** ** ********** ******** ******* ***** **** ************ ********, including *** ** *** ******:

Popularity ****** ********** *****

** **** ***** ******* **** ****** ** **** *** *********** of ***** ******* *** ******** **** ***** *** ******* ** vulnerable *******. **** ******** ************* ********, ** *** ********** **** **** ****** *********** ***** popup, ***** *** ********. **** *** **** *********** *** *** way **** ***** ****** *** ********* ********* *** *** ******** attack. * *********** ******* ** *********** **** ****** ********* *** ******** ********* **** ***** ** try *** **** ******** ********* ******* *** **** ******* ** more *******:

*** ******** ********* ** *** *** ***** ******’* ********* **** even ******** ** ******* ***** **** ******* ** **** ***** to *** ** **** ** ******.

*********** **** **** *********** **** ******* ******* ** ****** *********, *** *** ** ** ********* ***

** ***** *** ***** ******* ** ****** *****-***** **** ******* successfully — **** ** ***** **’** **** ******* *****, ***, and *** — **** **** **** ** ********** *********** *** are ***** ** ******* *** **** **** ** *******. ****** not **********, ********** **** *********** ** * ************ ********* *** so ***, *** *** ****** ********* ******* ** ** ********* with *** **** *****-** *********** *** *** ****** *** ********** devices.

98 ******* ** *********

**** ******** ****** ***** *** ******** *** ***** *********** *******, this ******* **** ** ******** ***** **** ********** ******* **** be ******** ****** ******* ** ***** ******* **. *** ********** purchased * ******, ************ ** ********, ** ****** *** *** purposes ** ******** *** ***** ** *********** *** ******** ******** ** ** *******.******** ******* **** ** ******** ****** **** *** ******* ****** a ******, *** ********** ******* ******* ***** ******* ** *** *** *************** **** led ** *****.

Mirai ***** ** ******

*** ** *** *** ***** *****, *********** * ***** **** of *** ******* **** **** **** ***** ******** ******, ** is **** *** ********* ** ****** *** ****** **** **** new ******** ** *************. **** ******* ******* ****, ******* **** the *** *** * ********** ******* ****** ** *********, **** cause *** ****** **** ** ****** ** ** **** ** infect ******* ********** ******. **** ***** ** **** ** ********* the ********/******** **** ** ******* **** **** **** ******* *********, but **** **** ****** *********. *** **** ***** **** ****** to **** **** ***** *** **** ****** **********, ** ****** devices ******* ****** ** ***-******** *****.

Outlook *** ****

** *** *** *** ******* ******-******** ****** **** *****, *** will ****** *** ********* *******, ** *****-***** ******* **** *** carried *** *** ****** ******* ** ****. *** **** ** renting *** * ****** *** ****** *** ****, *** ** competition **** *** ******** ********* ********* **** **** ***** *** this ********, ******* ** **** ******* ** *****-******* *******. ** operators ****** ** **** * *** ***** ** ******* ** infect ** ***** ****** ***** ** ******** ******-******** ******, ********** to * **** ***** ******** **** ******.

Comments (11)

Sean Patton

11/28/16 04:26pm

**** ** * ****** *********** *******, ***** ***. ** ******** in ****** ** ** **** *******, ** ***** **** **** that *** ** **** ** ******* **** **** ** ***** from *********? *** *** *** **** *** ** *** *** for ** ****, *** ***** ** **** ******** *** ************ (irony?) ************* *** ***** ********, **** * *** ** *** to ***** ***** ** ***/****** ****. *** *** *** ** avoid ****** ******** **** *** ** *******, *** ****** *** vulnerabilities ***** ****, *** * ****** ***********.

**** * ******* ******** ********** ***** *** ********* **** ********/*****/********/********/*** that *** ****** *** **** **** ******* *******, ******* **** botnet ******** ******* **** ************* ***, *** ***** ***** ** high ****** ********** ******** *** *** ** *** ************** ** dollars ***** *****.

** *** *******, ****** ********* ***** ** * **** *** to * ***** ***** ** ***** *******, *** ** *** know ****'* * **** ******. ****** *** *** ******** *** entire ************ ******** ****** ******** (*** ****).

Brian Karas

IPVM | 11/28/16 05:00pm

** ******** ** ****** ** ** **** *******, ** ***** even **** **** *** ** **** ** ******* **** **** of ***** **** *********?

* ***** ***** *** * *** ****** **** *** **** and **** ****** *** *******:

************* *** ******* ****** *** *** ** ******* (** ** fair, ** ***** **** **** ** **** **** ****** ***).

**** ************** ******* ***** ** ******* ** *** ***** ****** login ** * ****** ******** *** *** **** *** (**** would ***** ***** ***** *** *****/*************, *** **** ****** ****** until * ****** ******** *** ****).

********** *** **** ** *** ********** ****** *****, *** **** putting ******** ** ***-******** *****. ***** ***-******** ***** ***** ** slightly ****** ** **** *** ******** ** **** ******* **** can ** ******* ******.

******** ******* *** ** **** ** **** ** *** ************ process ** ****** ******** *** ******* ****** ****, ***** ** most ***** ****** **** ******* ***************, ****** ** ** ****** possible **** *** *************** **** **** **********, *** **** ****** be ****.

********** *** **** ****** *** ********* ******** ***** ** ***** ability ** ** *******, *** *** ****** ****** * **** track ****** ** ********** ** *** ****** ******** ****** *******.

************* ***** **** * **** **** ** ******** ****** ************** if **** **** ******* ** **** ** * ********, *** willing ** ****** ****** ****** **** ******** **** ****** *******, by ****** ****** **** ************.

**** *** *********, **** ** *********, **** **** ****** ****** boot ************* **** ***** *****, *** ** **** *** ****** that ******** ************* *** ***** ******** **** **.

** *****, ****** **** *** ** ******** ** ****** **** even ** ** ******** ***** **** ****** ** * **** shell, **** ***** *** ****/*** ************ ****.

****** **** ***** **** ** ******* ****** ** ********* **** difficult ** ****** ******'*, ** *** ******* ***** *** **** download ******** ** **** *** ******/******** ** ******** **** ****. This ** ******* ******* ** ******* ** *** ** ****** cannot *** ******** **** *** *** **** ********** ****** ** Apple, ******* **** ************* **** **** ***** *** **** ** give ** *** ******* ** *** *** ***** **** ** their *******.

**** **** ******, ******** ******** **** ** **** ****** *** goes ******* ********** ************** ********* ***** **** **** ****** ** the ************* ** ********** ****, *** *** ****** ***** ** significantly ********* ********, *** ************, ** ********* *** *******. ***, the ************* *** **** ****** ** *** **** ** ** there ** ********* ******* ** ***** **, ****** ** ********* requesting **, ** *** ******* ********* ** ****** ******* ******** significant.

Sean Patton

In reply to Brian Karas | 11/28/16 05:10pm

*** ******* ********** * *** ***** ** **** ********, *** my ******** ** ***** * *** ** *** ******* **** are **** ** ***** ******* ******** ******** ****** *******?

**** **** **** **** ***********, *** **** ** ***** ***********, extra ***** ***** ** ******** ** *********, *** ******** ** on, *** *** **** ******** ********** **** ***** *** ********* video **** ****** ******'* **** ** *** ***** *******?

**** * ************* **********, **** **** ******* **** ********** * think * **** ** ****, **** * *** ******** ****** for ************* ****** **; *********** (****!)

Brian Karas

IPVM | In reply to Sean Patton | 11/28/16 08:42pm

*** ******* ********** * *** ***** ** **** ********, *** my ******** ** ***** * *** ** *** ******* **** are **** ** ***** ******* ******** ******** ****** *******?

***, ** ** **** ****** * *** ** **** *** consumer/DIY ********, * **** ****** *** ********* *********** ******* ** is ******** ****. * *** **** ********** ******* **** *********** for ***-*****, *** * ***** *** ******* ** **** **** few ***-***** *** ***** ****** ** ** ******** ** *** first *****, *** ***** **** *** ***** ******* **** ****** best *********.

Undisclosed #1

11/28/16 05:10pm

**** ************** ******* ***** ** ******* ** *** ***** ****** login ** * ****** ******** *** *** **** *** (**** would ***** ***** ***** *** *****/*************, *** **** ****** ****** until * ****** ******** *** ****).

***, ******'* ***** ****:****** ******** ** ******* ******** *********...

Undisclosed Distributor #2

11/28/16 05:15pm

*** ******* **** **** ******** ** ***** ** **** ***** are ******** ** ********* ** ***** ******* **** *** ******* out ***** *** **** **** *** ** ******* *** ** ignorance ** *** *******, *** ******* ** ******* *** *************, or **** *** ******. *** **** ******** **** ** *** last **** ** **, *** ************* *** ********* ** ******* the ****** ***** ** ***** ********* ** *** *******. **** botnet **** ******** ** ******** *** ** *** *** ******* that **** *** ** *******, *** *** ** *** ******* being ********* ***** ** **** ****** *** **** ******* ******.

Undisclosed #3

11/28/16 06:32pm

*** ***** ******** *********? *** ****** **** ***** ** ******** to **** (*******) **** *** ******? ** * ******** ************* to **** ******** ***** (******) *** **'* *** ******? **, I ***'* **** *** ** ** ****. **** ***** ** honest ********. ** ** **** ******* *********. ** **, ***** does *** **** **?

Brian Karas

IPVM | In reply to Undisclosed #3 | 11/28/16 06:51pm

**** *** *** ********** ** ******* ********* **** ****** ******** firewall *******, ** ** **** ***** ******* ***** *** "*********" IP ******, ***** *** *** ******** ***** ****** ******** *** establish * ******* ********** ** *** ******. *** ******** ** this ** **** ** ***** ****** *** ****** **** **** more *********** (****** *** ************, ** **** ***** ******, ******** a ***** ******/***** *******). * *** **** ** ********* ** the ** ******* ** *** ****** ****** **** ******* *** some ******, ***** ** *** ******** *** *********** *****/*** ********.

Undisclosed #3

In reply to Brian Karas | 11/29/16 04:04pm

****** *** *** *******.

** ******** *** ***** ** *** *** ****** ******* ******* access. ** ***** ******. *** **** **...

** *** ****** **** (*** *** ******* ********* **** * single ****** ** ***) * ******** *** **** *** ******* in ***** *** **** ******* *** ******. **** ********* **'* mission? **** ***** ** ** **** **** *********** ******** ** the ****** ** **** ******* ******* *** ******** ****** * large **** ** *** ******* ********** ** *** ****.

*** * ***** ******** ******* *** * ********** ******* ** minimize *** ******* ***** ********* **** ********* ***** ***** *** one **** ***** ******** **** **'* ****** ** *** *****.

Undisclosed Distributor #2

In reply to Undisclosed #3 | 11/29/16 04:17pm

*** ******* **** *'** **** ***** *** ****** ** *** infection **** **** **** *** ****** ***** ******* * ******, it ******* *** ********** **** *** **** ***** ******** ** memory. ***** ******* *** ****** ***** ****** *** ****** *****, but ****** ******** *** ***** ** ******* ** ****** ******** back ** ** **** **** ****** ** ******** ***** ****** minutes.

Undisclosed End User #4

05/28/17 05:22pm

**** *********** ***** * *** *** ***** **.

Login to read this IPVM report.

Why do I need to log in?

IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Hacking

Winter 2019 IP Networking Course on Nov 05, 2018

This is the only networking course designed specifically for video surveillance professionals. Lots of network training exists but none of it...

HID: Stop Selling Cracked 125 kHz Credentials on Nov 05, 2018

HID should stop selling cracked 125 kHz access control credentials, that have been long cracked and can easily be copied by cheap cloners sold on...

"New Zealand Govt Uses Chinese Cameras Banned In US", Considers Security Audit on Oct 12, 2018

Newsroom NZ has issued a report: "NZ Govt uses Chinese cameras banned in US": This comes after the US federal government banned purchases of...

China Hacks Video Servers Causing Uproar on Oct 05, 2018

An incident causing an international uproar is hitting home in the video surveillance industry as a Bloomberg report, "The Big Hack: How China...

Genetec Takes Aim At 'Untrustworthy' 'Foreign Government-Owned Vendors' on Sep 24, 2018

Genetec is taking aim at 'untrustworthy' 'foreign government-owned vendors'. This is not a new theme for Genetec as nearly 2 years ago, Genetec...

Hikvision FIPS 140-2 Cybersecurity Certification Examined on Aug 27, 2018

A week after the US government passed a law banning Hikvision, Hikvision announced it had obtained a FIPS 140-2 certification from the US...

Sony Gen 5 IP Cameras Critical Vulnerabilities on Jul 26, 2018

Cybersecurity vulnerabilities remain prevalent in video surveillance devices. Now Talos researchers have discovered multiple vulnerabilities in...

Hikvision Corrects False Cybersecurity Announcement on Jun 18, 2018

Hikvision has corrected a false cybersecurity announcement that claimed a British government-sponsored program endorsed the cybersecurity of...

The Dumb Ones: PSA's Bozeman On Cybersecurity on Jun 15, 2018

The smart ones are the hundred people who flew to Denver and spent $500+ on a 1.5-day conference featuring (now US government banned) Dahua as a...

Debating Relevance of China Hacking US Navy Plans on Jun 11, 2018

"Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to...

Most Recent Industry Reports

Integrator Credit Card Alternative Divvy on Nov 13, 2018

Most security integrators are small businesses but large enough that they have various employees that need to be able to expense various charges as...

Directory of Video Intercoms on Nov 13, 2018

Video Intercoms, also known as Video Door-Phones or Video Entry Systems, have been growing in the past decade as more and more IP camera...

Beware Amazon Go Store Hype (Tested) on Nov 13, 2018

IPVM's trip to and testing of Amazon Go's San Francisco store shows a number of significant operational and economic issues that undermine the...

Magos Radar Company Profile on Nov 12, 2018

Magos America General Manager Yaron Zussman admits when he first came across Magos, he asked himself: "What's innovative about radar?" Be that as...

Genetec Privacy Protector Tested on Nov 12, 2018

Genetec has built Kiwi Security's Privacy Protector into Security Center, an analytic which anonymizes individuals in cameras' fields of view...

Chinese Government Increases Hikvision Ownership on Nov 12, 2018

The Chinese government - Hikvision's controlling shareholder - is increasing its ownership of the video surveillance giant amid sharp stock price...

Axis: "No One Wants To Buy A Camera" on Nov 09, 2018

Axis has, in its own description, made a bold declaration: The industry is changing so rapidly that the following statement might seem bold but...

Video Surveillance Hard Drive Size Statistics 2018 on Nov 08, 2018

What is the most common hard drive size for video surveillance? 150+ integrators answered: What size hard drive do you most commonly use? What...

Axis 2N Intercom Tested on Nov 08, 2018

Axis expanded its video intercom business buying Czech-based 2N in 2016. Despite competing against owner Axis' intercoms, 2N recently registered as...

Haven Targets School Security with Lockdown Lineup on Nov 08, 2018

Haven, a US startup founded in 2014 as a residential-focused company, has now raised funding and is offering a lineup of commercial grade locks for...

Hackers Battle For 3 Million Strong Mirai Botnet

Comments (11)

Sean Patton

Brian Karas

Sean Patton

Brian Karas

Undisclosed #1

Undisclosed Distributor #2

Undisclosed #3

Brian Karas

Undisclosed #3

Undisclosed Distributor #2

Undisclosed End User #4

Login to read this IPVM report.

Related Reports on Hacking

Most Recent Industry Reports

Member Login