Slashdot Mirror

← Back to Stories (view on slashdot.org)

You Can Now Rent A Mirai Botnet Of 400,000 Bots (bleepingcomputer.com)

Posted by EditorDavid on from the telnetting-for-dollars dept.

An anonymous reader writes: Two hackers are renting access to a massive Mirai botnet, which they claim has more than 400,000 infected bots, ready to carry out DDoS attacks at anyone's behest. The hackers have quite a reputation on the hacking underground and have previously been linked to the GovRAT malware, which was used to steal data from several US companies. Renting around 50,000 bots costs between $3,000-$4,000 for 2 weeks, meaning renting the whole thing costs between $20,000-$30,000.

After the Mirai source code leaked, there are countless smaller Mirai botnets around, but this one is [believed to be the one] accounting for more than half of all infected IoT devices...that supposedly shut down Internet access in Liberia. The original Mirai botnet was limited to only 200,000 bots because there were only 200,000 IoT devices connected online that had their Telnet ports open. The botnet that's up for rent now has received improvements and can also spread to IoT devices via SSH, hence the 400,000 bots total.
Interestingly, the article claims the botnet's creators had access \to the Mirai source code "long before it went public."

6 of 62 comments (clear)

  1. Or you can get a botnet for free... by Anonymous Coward · · Score: 5, Funny

    By getting an article posted on slashdot and having the site you want DDoS'd linked in the summary :)

  2. Tomorrow will be interesting... by aaarrrgggh · · Score: 2

    Cyber Monday could be interesting.

    But seriously... other than causing chaos, does anything get accomplished with a DDoS that it provides some kind of value? I get the idea of a multi-pronged attack, but is there that much to gain?

    1. Re:Tomorrow will be interesting... by CaptainDork · · Score: 2

      This.

      DDoS is vandalism.

      It pisses someone off; costs them; and the little botnet kiddies giggle.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:Tomorrow will be interesting... by CODiNE · · Score: 2

      It's good for masking actual intrusions. Distracting the IT guys from the data exhilaration going on.

      It's also useful for stopping up bank transactions long enough for the undo window to expire on fraudulent transfers. Say you do some real estate fraud and trick someone into wiring $200k to the wrong account. Doesn't do you any good if they catch it and roll it back in a day. Do the transfer, DDoS the heck out of the bank... that's well worth $15k a week.

      Script kiddies don't pay that kind of money to laugh about taking Walmart down for a few days. There's real money behind this stuff.

      --
      Cwm, fjord-bank glyphs vext quiz
    3. Re:Tomorrow will be interesting... by BlueStrat · · Score: 2

      This.

      DDoS is vandalism.

      It pisses someone off; costs them; and the little botnet kiddies giggle.

      It's also an asymmetric-warfare weapon of domestic and foreign dissidents against oppressive, authoritarian governments, which is the real, actual concern of those governments. This is particularly true in the US, as the government continues to become ever more authoritarian, corrupt, deceitful, and controlling, both domestically and in foreign affairs.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    4. Re:Tomorrow will be interesting... by geekmux · · Score: 3, Insightful

      DDoS is an inconvenience.

      It is not a problem.

      The attack on Dyn was mitigated in a few hours and we move on.

      Dyn should have been hardened to begin with...

      Dyn should have been hardened? No, more like DNS as a whole should have been hardened fucking long ago.

      It's still the Achilles heel of the internet.