Slashdot Mirror


Source Code For IoT Botnet 'Mirai' Which Took Down Krebs On Security Website With DDoS Attack Released (krebsonsecurity.com)

As if the state of security wasn't already a headache worldwide, we now may have one more reason to worry about: a hacker has made available the source code that could allow more people to wage the kinds of extraordinarily large assaults that recently knocked security news site KrebsOnSecurity offline. Brian Krebs reports: The source code that powers the "Internet of Things" (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices. The leak of the source code was announced Friday on the English-language hacking community Hackforums. The malware, dubbed "Mirai," spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords. Vulnerable devices are then seeded with malicious software that turns them into "bots," forcing them to report to a central control server that can be used as a staging ground for launching powerful DDoS attacks designed to knock Web sites offline. The Hackforums user who released the code, using the nickname "Anna-senpai," told forum members the source code was being released in response to increased scrutiny from the security industry.

4 of 117 comments

  1. Oh great by JustAnotherOldGuy · · Score: 3, Informative

    Oh great, now every dickweasel and conehead in the world will be cranking out malware.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re: Oh great by naughtynaughty · · Score: 4, Informative

      Almost all manufacturers ship devices with default usernames and passwords

      Changing them is your responsibility

  2. Duplicate story by eledill · · Score: 3, Informative

    This is a duplicate of http://m.slashdot.org/story/31...

    1. Re:Duplicate story by xxxJonBoyxxx · · Score: 4, Informative

      Half the editors were too busy fending off a DDOS attack to read their own site. The other half still use a username/password of "admin/admin123" on their home devices and couldn't read their own site because their equipment was currently part of a global botnet.

      More seriously, here's the list of usernames/passwords the bot exploited. Might be worth adding to your personal collection to make sure your scanner notices these.

      root xc3511, root vizxv, root admin, admin admin, root 888888
      root xmhdipc, root default, root juantech, root 123456, root 54321, support support
      root (none), admin password, root root, root 12345, user user, admin (none)
      root pass, admin admin1234, root 1111, admin smcadmin, admin 1111, root 666666
      root password, root 1234, root klv123, service service, supervisor supervisor, guest guest
      guest 12345, guest 12345, admin1 password, administrator 1234, 666666 666666, 888888 888888
      ubnt ubnt, root klv1234, root Zte521, root hi3518, root jvbzd, root anko, root zlxx., root 7ujMko0vizxv, root 7ujMko0admin
      root system, root ikwb, root dreambox, root user, root realtek, root 00000000, admin 1111111
      admin 1234, admin 12345, admin 54321, admin 123456, admin 7ujMko0admin, admin 1234, admin pass
      admin meinsm, tech tech, mother fucker
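
Added example, not part of the original thread or of any commenter's post: one way to make a monitoring tool "notice" these credentials is to flag any source that tries several distinct pairs from the list against a honeypot or login service. The log format, the function name `flag_default_cred_sweeps`, the threshold and the sample lines are all assumptions constructed for illustration; only the credential pairs come from the comment above.

```python
import re
from collections import defaultdict

# Subset of the username/password pairs quoted in the comment above.
# "(none)" on the page is represented here as an empty password.
MIRAI_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "default"), ("root", ""), ("admin", "password"),
    ("support", "support"), ("ubnt", "ubnt"), ("guest", "guest"), ("admin", ""),
}

# Assumed (hypothetical) log format: "<ISO time> src=<ip> user=<u> pass=<p>"
LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S*) pass=(.*)$")

def flag_default_cred_sweeps(lines, min_pairs=3):
    """Return {src_ip: sorted default pairs tried} for every source that
    tried at least min_pairs distinct pairs from MIRAI_DEFAULTS."""
    tried = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # skip malformed lines instead of aborting the run
        _, src, user, password = m.groups()
        if (user, password) in MIRAI_DEFAULTS:
            tried[src].add((user, password))  # set: repeats count once
    return {src: sorted(p) for src, p in tried.items() if len(p) >= min_pairs}

# Constructed sample log (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    "2016-10-03T10:00:01Z src=198.51.100.7 user=root pass=xc3511",
    "2016-10-03T10:00:02Z src=198.51.100.7 user=root pass=vizxv",
    "2016-10-03T10:00:03Z src=198.51.100.7 user=admin pass=admin",
    "2016-10-03T10:00:04Z src=198.51.100.7 user=admin pass=admin",
    "2016-10-03T10:05:00Z src=203.0.113.20 user=alice pass=correct-horse",
    "2016-10-03T10:06:00Z src=203.0.113.20 user=root pass=admin",
    "2016-10-03T10:07:00Z src=192.0.2.55 user=admin pass=",
    "garbage line without fields",
]

if __name__ == "__main__":
    for src, pairs in flag_default_cred_sweeps(SAMPLE_LOG).items():
        print(src, "tried", len(pairs), "listed default pairs:", pairs)
```

Counting distinct pairs per source, rather than raw failed logins, separates a sweep through the list from a user who mistypes one password repeatedly.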