The botnet which caused nationwide internet outages two years ago can now not only exploit vulnerabilities of the Internet, but also turn an IoT-device (Internet of Things) into a proxy server.
Researchers from FortiGuard Labs have encountered an updated version of the world's largest botnet, Mirai. The specialists nicknamed the modification Mirai OMG, according to the publication Fortinet.
Mirai is a malware that turns networked devices running Linux into distantly controlled "bots" that can be used as part of a botnet in large-scale network attacks, primarily targeting online consumer devices.
Unlike the previous version, however, the new botnet turns an IoT-device into a proxy server. As a result, attackers have been able to pass malicious traffic through infected devices, allowing hackers to better hide their identity and location, as well as carry out more powerful attacks.
The first time that specialists heard about Mirai was in mid-2016. The malware’s developers attacked the site of Internet security expert Brian Krebs:
" the traffic volume reached 660 gigabytes per second. Back then, the specialist called the botnet "the most powerful weapon of our time."
Brian Krebs published an article at the time about how cybercriminals earn money by converting IoT devices into proxy servers. Hackers use proxies to provide anonymity when conducting illegal activities such as cyber theft, hacking into a system, etc.
“One way to earn money with proxy servers is to sell the access to these servers to other cybercriminals. This is what we think the motivation behind this latest Mirai-based bot is,”Fortinet wrote.
In 2016, the FBI discovered the creators of Mirai: they were American students Dalton Norman, Paras Jha and Josiah White. The young men say that they wanted to earn some money with their idea: the students organized DDOS-attacks on other people's servers of the computer game Minecraft, while luring players to their own servers.
However, when the teens saw the full potential of the botnet they had created, they published the Mirai source code online so that other hackers could also use it.
As a result of the DDOS-attacks, a lot of large resources collapsed, including GitHub, Spotify, Twitter and Reddit, causing nationwide outages.
“This is the first time we have seen a modified Mirai capable of DDOS attacks as well as setting up proxy servers on vulnerable IoT devices. With this development, we believe that more and more Mirai-based bots are going to emerge with new ways of monetization,”Fortinet wrote.