What’s the Deal with Mirai? A Rundown on one of the Biggest Botnets

Every once in a while, a type of malware become so effective and prevalent that it dominates headlines for weeks. We have one type of malware fitting this description today. It is the Mirai malware, a malicious program that infects a plethora of internet-connected devices that fall under the Internet of Things (IoT) umbrella. Mirai’s goal is simple: collect and control enough IoT devices to target a service or server and flood it with so much traffic it’s knocked offline.

This “flooding” method is known as a Distributed Denial of Service (DDoS) attack. DDoS attacks are often conducted by botnets, a family of malware to which Mirai belongs. Botnets are a collection of infected devices that are controlled by a remote server or cybercriminal.

Defeating the Mirai malware is proving difficult, as the malicious program forces infected devices to disclose default Wi-Fi passwords and Service Set Identifier (SSID) codes (the name, essentially, for a particular network). This means cybercriminals could both re-infect routers and devices and use an infected device’s SSID for targeted cyberattacks. It’s another example of the new normal when it comes to device security today: default passwords are enabling cybercriminals to infect and recruit connected devices for illicit, and disruptive, means.

And Mirai is incredibly disruptive. The botnet is believed to be responsible for knocking a famed cybersecurity journalist’s website offline in one of the largest recorded DDoS attacks in history.  It’s also believed to be behind the massive attack on Dyn, a service provider for some of the world’s most popular websites. As a consequence of the late September attack, cybercriminals managed to knock several popular websites offline for an extended period of time. Most recently, a modified version of Mirai managed to infect about 100,000 TalkTalk customers in the UK, and 900,000 Deutsche Telekom customers in Germany. According to the BBC, many of these infected devices may have given up their default passwords to the attacker. Part of Mirai’s success is thanks to its publicly-available source code, allowing any cybercriminal to create their own version of the malware.

So the Mirai malware has a massive footprint, is actively scanning for vulnerabilities and is freely available to any bad actor out there. It’s a big deal and, as the late September attack demonstrates, can bring large swaths of the internet to a halt. What can be done?

Developers and device manufacturers will need to both update device software and generate new default passwords. Users, since Mirai scans for default passwords and infects vulnerable devices in minutes, will need to reset and update their routers and devices while rapidly generating unique and hard-to-guess passwords. Every consumer should do this — not just TalkTalk or Deutsche Telekom customers — as we still don’t know how large and damaging Mirai is.

So, how can you protect yourself in light of this turn of events? Here are a few tips for you to keep in mind:

  • Reset your devices. Your router, and any IoT device you may have, will need to be reset and updated. You’ll need to do your own research on how to go about this reset and update, depending on your device. After doing so, you ought to reset it once more (for good measure) and then change its default password. You should do this for every IoT device you have, but your router is the most critical device for you to secure. If you’re unsure how to reset, update or change your router’s password, ask your ISP for help.
  • Use unique passwords. Critical to Mirai’s success is its ability to quickly scan and infect devices that use default passwords. Remove the default password and you remove Mirai’s biggest advantage. Almost every device you have will need a new password that’s at least eight characters in length, contains upper and lower-case letters, and includes numbers and symbols. If you have trouble remembering and managing complex passwords, look to a password management solution.
  • Use a comprehensive security solution. Part of living secure in a digital era means keeping up to date with the latest malware attacks for a better defense. Fortunately, comprehensive solutions, like McAfee LiveSafe™, can do this for you. Any solution you consider should have active malware monitoring, and cross-device support. Remember: any solution you adopt should be considered an investment. Always check its features to make sure it fits in with your lifestyle and security goals.
Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Internet Security

Back to top