IoT botnet source code released

The malware works by continuously scanning for IoT systems that are protected by factory default or hard-coded usernames and passwords. According to KrebsOnSecurity, vulnerable devices are then infected with malicious software that effectively turns them into ‘bots’, forcing them to report to a central control server that can be used as a staging ground for launching powerful distributed denial-of-service (DDoS) attacks designed to knock Web sites offline.

DDoS attacks involve flooding machine, server or website with simple requests for information until they become overloaded and unable to function. Last month's DDoS attack is reported to have swamped KrebsOnSecurity by sending 620 gigabits of data every second, which is more than enough traffic to take down most websites.

Released by a Hackforums user with the nickname ‘Anna-senpai’, Mirai is one of two malware families designed to create botnets from vulnerable IoT devices to have surfaced recently. The other is Bashlight, a malware that is thought to have infected over a million IoT devices and co-opted them into a botnet, according to KrebsOnSecurity, pointing to research from Level 3 Communications.

These developments underline the importance of a employing a rigorous programme of password protection, in both the consumer and industrial sectors.