Malware Minute: Mirai Botnet

The proliferation of IoT (Internet of Things: think Alexa) devices has brought about many complications in IT security. A scan of the types of devices presented at a consumer tradeshow would point out hundreds of devices ranging from “smart shoes” to “smart cars.” These types of devices are constantly growing, yet they have very little security in place, many of these devices cannot be patched if vulnerabilities are found. It is the sad state of technology and the best dream possible for malicious actors.

The availability of vulnerable IoT devices has created a flourishing environment for adversaries by creating many machines to carry out attacks. One incredibly famous malware that used this to their advantage was Mirai. Before getting into the specifics of what Mirai was, I think it is incredibly important to explain what a botnet is.

According to Cloudflare, a botnet is a group of computers that have been infected with malware and gives control to a malicious actor (Cloudflare, n.d.). Essentially, the owner of the computer has relinquished control of it to another person, who has ill intent. When a bunch of these devices is compromised together they make up a network of robots, under the control of a single person, hence the name botnet.

So what was the Mirai botnet? Cofounders of Protraf Solutions, Paras Jha and Josiah White created the Mirai botnet to sell DDoS attack mitigation (Cloudflare, n.d.). The creators were attacking companies then offering services to protect against their attack. A DDoS attack floods a network with requests which render them useless, sometimes taking systems down for hours, and costing businesses approximately $10,000 or more per hour of downtime. Mirai looks for other strains of malware on devices when it infects the device and wipes it clean to ensure it is the only malware that owns the device (Fruhlinger, 2018).

In 2016, a massive DDoS attack left much of the internet down along the east coast of the United States (Fruhlinger, 2018). Researchers realized that the Mirai botnet caused this. The Mirai botnet was able to compromise over 100,000 IoT devices by searching sections of the internet for IoT devices that were using default credentials (Cloudflare, n.d.). Due to the weak security of the devices, the botnet was able to own many of those machines and carry out a large DDoS attack.  

The Mirai botnet is mutating, many other and more powerful, botnets have been created using the source code from Mirai such as Reaper (Cloudflare, 2019). This type of malware and how it infects devices is more prove about the need to change default passwords and use password managers for strong, unique passwords as well as multi-factor authentication to ensure they are not infected with strains of malware. Mirai was stored in the memory of the device it infected, a simple reboot would wipe the malware from the device, however without changing the password to a stronger password the devices would likely be infected shortly thereafter (Fruhlinger, 2018).

Works Cited

What is The Mirai Botnet? (n.d.). Cloudflare. Retrieved on April 1, 2019 from

Fruhlinger, J. (2018).  The Mirai botnet explained: How teen scammers and CCTV cameras almost brought down the internet. CSO. Retrieved on April 1, 2019, from

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s