Botnet Wars: Return of the Mirai

Chinese security firm Qihoo 360 Netlab have discovered a new variant of the Mirai botnet which caused havoc last year.

The original Mirai botnet was so destructive that it made national headlines last year in many countries around the world. Internet users found many of their favourite services were inaccessible after hackers used the botnet to DDoS companies such as Dyn, a company that controls much of the internet’s DNS infrastructure.

In that attack, over 100,000 compromised devices flooded Dyn with a record-breaking amount of traffic — reportedly in the region of 1.2Tbps.

Whenever there’s mention of Mirai, it’s bound to cause some amount of panic. Variants discovered since last year’s attack haven’t caused anywhere near as much chaos, but it could be they’re waiting for the right time.

The researchers discovered this latest variant last week after noticing an increase in traffic scanning ports 2323 and 23. Small increases wouldn’t be of concern, but hundreds of thousands of unique IP addresses originating from Argentina in less than a day caught their attention.

After investigation, the researchers found the devices were scanning the ports looking for vulnerable devices manufactured by ZyXEL Communications. They were using two default telnet credential combinations, admin/CentryL1nk and admin/QwestM0dem, to gain root privileges on the targeted devices.
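The signal described above, a jump in unique sources probing ports 23 and 2323 with the two credential pairs, can be checked against telnet honeypot logs as in this added example, which is not code from Netlab or from the original article. The log line format, the thresholds and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Ports and default credential pairs named in the article.
TELNET_PORTS = {23, 2323}
WATCHED_CREDS = {("admin", "CentryL1nk"), ("admin", "QwestM0dem")}

# Hypothetical honeypot log format (an assumption, not a real product's output).
LINE_RE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2}Z src=(?P<src>\S+) "
    r"dport=(?P<port>\d+) user=(?P<user>\S*) pass=(?P<pw>\S*)$")

def analyse(lines, spike_factor=5, min_sources=3):
    """Return (spikes, cred_sources). spikes holds (hour, port, unique_sources,
    baseline) for hours with >= spike_factor x the median unique sources of
    earlier hours on that port; cred_sources are IPs that tried WATCHED_CREDS."""
    per_bucket = defaultdict(set)            # (port, hour) -> {source IPs}
    cred_sources = set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["port"]) not in TELNET_PORTS:
            continue                         # malformed line or non-telnet port
        per_bucket[(int(m["port"]), m["hour"])].add(m["src"])
        if (m["user"], m["pw"]) in WATCHED_CREDS:
            cred_sources.add(m["src"])
    spikes = []
    for port in sorted(TELNET_PORTS):
        hours = sorted(h for (p, h) in per_bucket if p == port)
        for i, hour in enumerate(hours[1:], start=1):   # first hour has no history
            count = len(per_bucket[(port, hour)])
            baseline = median(len(per_bucket[(port, h)]) for h in hours[:i])
            if count >= min_sources and count >= spike_factor * baseline:
                spikes.append((hour, port, count, baseline))
    return spikes, cred_sources

def sample_log():  # constructed sample: two quiet hours, then a 12-source surge
    lines = [f"2000-01-01T{h}:05:00Z src=192.0.2.1 dport=2323 user=root pass=root"
             for h in ("09", "10")]
    for i in range(12):
        pw = "CentryL1nk" if i % 2 == 0 else "QwestM0dem"
        lines.append(f"2000-01-01T11:{i:02d}:00Z src=198.51.100.{i + 1} "
                     f"dport=2323 user=admin pass={pw}")
    lines += ["garbage line",
              "2000-01-01T11:30:00Z src=203.0.113.9 dport=80 user=admin pass=admin"]
    return lines

if __name__ == "__main__":
    print(analyse(sample_log()))
```

Counting unique sources per hour rather than raw connection attempts keeps a single noisy scanner from triggering the alert, which matches the article's point that it was the number of distinct IP addresses that stood out.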

It’s thought this Mirai variant was upgraded to exploit the vulnerability in ZyXEL PK5001Z modems identified as CVE-2016-10401.

"ZyXEL PK5001Z devices have zyad5001 as the su (superuser) password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP’s deployment of these devices)," the vulnerability description reads.

You can read my feature on botnets on page 20 of our ‘IoT News’ magazine. A free online copy is available here.
