Hackers put large botnet infected with Mirai worm up for rent

Security / Tech
Mirai worm

Two hackers, with criminal pasts, are offering up a large botnet of 400,000 Internet of Things (IoT) infected devices for rent.

Just a few weeks ago the internet was hit by the Mirai worm through a series of DDoS attacks which took down a large swath of services. The attack lasted longer than most would have liked but for the most part, it was finally contained and everything went back to normal. Now boingboing.net is reporting that two hackers, with criminal pasts, are offering up a large botnet of 400,000 Internet of Things (IoT) infected devices for rent. The devices are infected with the Mirai worm and have the potential of launching DDoS attacks against whoever their controller chooses. The hackers claim they’ve improved the Mirai worm and targets will not be able to block incoming attacks.

According to the botnet’s ad and what Popopret told us, customers can rent their desired quantity of Mirai bots, but for a minimum period of two weeks. “Price is determined by amount of bots (more bots more money), attack duration (longer = more money), and cooldown time (longer = discount),” Popopret told Bleeping Computer. Customers don’t get discounts if they buy larger quantities of bots, but they do get a discount if they use longer DDoS cooldown periods.

courtesy boingboing.net

courtesy boingboing.net

“DDoS cooldown” is a term that refers to the time between consecutive DDoS attacks. DDoS botnets use cooldown times to avoid maxing out connections, filling and wasting bandwidth, but also preventing devices from pinging out and disconnecting during prolonged attack waves. Popopret provided an example: “price for 50,000 bots with attack duration of 3600 secs (1 hour) and 5-10 minute cooldown time is approx 3-4k per 2 weeks.” As you can see, this is no cheap service.

Once the botnet owners reach an agreement with the buyer, the customer gets the Onion URL of the botnet’s backend, where he can connect via Telnet and launch his attacks.

As boingboing points out, the hackers have yet to demonstrate the new capabilities of this worm but the threat should still be considered. What do you think of this situation? Let us know your thoughts and comments below or on Twitter, Facebook and Google+.

  Source: BoingBoing
Comments
To Top