Botnet, DDoS, Security, Uncategorised

Mirai IoT botnet up close

Since the release of the Mirai source code and the recent DDoS attacks on Dyn, the telnet-exposed corner of the internet has exploded with scanners and DDoS bots.

This is what a telnet session from an infected Mirai host looks like:

Notice how it grabs the malware from this URL: hxxp://137.74.49.209:80/bins/mirai.x86

Here is the information on the captured binary:

SHA256: e8289b100ebbac7243895bdbe3cc57cd36e1c5e2ac055d275a5a082f4aca4e79
File name: mirai.x86_578f88f69e5b53cb726d17d530284551

https://virustotal.com/en/file/e8289b100ebbac7243895bdbe3cc57cd36e1c5e2ac055d275a5a082f4aca4e79/analysis/

Once the loader has dropped the binary and run it, the bot begins scanning the IPv4 space at random for hosts with telnet exposed and weak, well-known credentials, so that it can report them back and have them infected in turn. (I am obviously skipping a lot of steps here.)
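To make the scanning step concrete, here is an added example (my own code, not code from the original post and not the leaked Mirai source itself). It models two behaviours of the scanner in the leaked scanner.c: the address ranges it never picks as targets, and the stateless SYN it sends, whose TCP sequence number is set to the destination IPv4 address (the bot matches returning SYN-ACKs against the responder's address instead of keeping per-target state). That quirk is a usable network signature, and the second half of the block uses it as a detector. The packet records are constructed sample data in documentation address ranges, not a real capture.

```python
"""Fingerprinting Mirai's telnet scanner (added example, not from the post)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

TELNET_PORTS = {23, 2323}  # Mirai sends most SYNs to 23 and about one in ten to 2323


def mirai_excluded(ip: str) -> bool:
    """True if Mirai's get_random_ip() would reject this address as a target.

    The comparisons follow the leaked scanner.c: loopback, 0/8, RFC1918, CGNAT,
    benchmark space, multicast, and a set of /8s it deliberately avoids (GE, HP,
    USPS and several DoD blocks). The 169.254 test keeps the original's
    `o2 > 254` comparison, which can never be true, so 169.254/16 is in fact
    still scanned.
    """
    o1, o2, _, _ = (int(x) for x in ip.split("."))
    avoided_slash8 = {3, 15, 16, 56, 6, 7, 11, 21, 22, 26, 28, 29, 30, 33, 55, 214, 215}
    return (
        o1 in (127, 0, 10)
        or (o1 == 192 and o2 == 168)
        or (o1 == 172 and 16 <= o2 < 32)
        or (o1 == 100 and 64 <= o2 < 127)
        or (o1 == 169 and o2 > 254)
        or (o1 == 198 and 18 <= o2 < 20)
        or o1 >= 224
        or o1 in avoided_slash8
    )


def ip_to_u32(ip: str) -> int:
    """Dotted-quad to the 32-bit value a sniffer shows as the TCP sequence number."""
    return int(ipaddress.IPv4Address(ip))


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    seq: int
    flags: str  # tcpdump-style flag letters; "S" is a bare SYN


def looks_like_mirai_scan(pkt: Packet) -> bool:
    """A bare SYN to a telnet port whose sequence number equals the destination address."""
    return pkt.flags == "S" and pkt.dport in TELNET_PORTS and pkt.seq == ip_to_u32(pkt.dst)


def mirai_scanners(packets: Iterable[Packet]) -> List[str]:
    """Sorted source addresses that emitted at least one Mirai-style SYN."""
    return sorted({p.src for p in packets if looks_like_mirai_scan(p)})


# Constructed sample records (documentation ranges), not real traffic.
SAMPLE = [
    Packet("203.0.113.7", "198.51.100.20", 23, ip_to_u32("198.51.100.20"), "S"),    # Mirai-style SYN
    Packet("203.0.113.7", "198.51.100.21", 2323, ip_to_u32("198.51.100.21"), "S"),  # Mirai-style, alt port
    Packet("192.0.2.9", "198.51.100.20", 23, 0x1A2B3C4D, "S"),                      # ordinary telnet client
    Packet("203.0.113.8", "198.51.100.22", 80, ip_to_u32("198.51.100.22"), "S"),    # not a telnet port
    Packet("198.51.100.20", "203.0.113.7", 23, ip_to_u32("203.0.113.7"), "SA"),     # SYN-ACK, not a bare SYN
]

if __name__ == "__main__":
    print("Mirai-style scanners:", mirai_scanners(SAMPLE))  # ['203.0.113.7']
    for ip in ("10.1.2.3", "8.8.8.8", "169.254.1.1"):
        print(ip, "excluded" if mirai_excluded(ip) else "targetable")
```

The sequence-number check is cheap enough to run on a honeypot or a flow collector that keeps the TCP seq field, and it separates Mirai's probes from ordinary telnet logins or other scanners that happen to hit port 23. The exclusion list is also useful the other way round: a telnet honeypot placed inside one of the avoided /8s will never see Mirai traffic.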

You can see that happening in this code snippet:


Also make sure to check out SpoofIT's write-ups on Mirai here: http://www.spoofit.org/new-mirai-cc-deployed/ and http://www.spoofit.org/mirai-samples/


DDoS, DoS, Security

DRDoS – Denial of Service on Steroids

DDoS is one of the oldest and most used forms of "internet protesting" in the book; it is used thousands of times a day all around the world. For those who do not know, DDoS stands for Distributed Denial of Service, meaning an enormous number of attacking machines pelting a poor server with millions of packets until it can no longer cope and, well, denies service.

Normally, if you wanted to carry out a DDoS attack you would have to either build a botnet of thousands of infected computers or devices, or use a DDoS-for-hire service, which you can find with one Google search. This is all well and good for the common criminal, but building a botnet takes time and skill, and for-hire services are costly and mostly useless.

What most people don't know is that some of the largest attacks ever recorded in internet history were most likely launched from only a handful of machines, perhaps 50 at most. This is made possible by amplification, or DRDoS (Distributed Reflection Denial of Service), in which the attacker sends small requests, with the victim's address forged as the source, to open internet resolvers that anyone can query; each resolver then sends its much larger reply to the victim, so a trickle of attacker bandwidth becomes a flood.
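To show where the "small request, large reply" ratio actually comes from, here is an added example (my own code, not part of the original post). It hand-builds the RFC 1035 wire-format query that a reflector receives and computes the bandwidth amplification factor against a response size. The key detail is the EDNS0 OPT record: by advertising a large UDP buffer the sender tells the resolver it may return a multi-kilobyte answer in a single datagram rather than truncating at 512 bytes. The response sizes used in the usage section are constructed for illustration; real ones depend on the zone and resolver.

```python
"""DNS amplification arithmetic on the wire (added example, not from the post)."""
import struct

QTYPE_ANY = 255   # the classic amplification query type
TYPE_OPT = 41     # EDNS0 pseudo-record, RFC 6891


def encode_name(name: str) -> bytes:
    """Encode a domain name as RFC 1035 labels: length byte + label, terminated by 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_dns_query(name: str, qtype: int, edns_udp_size: int = 4096, txid: int = 0x1337) -> bytes:
    """Build a recursive DNS query; edns_udp_size=0 omits the OPT record."""
    flags = 0x0100  # RD bit: ask the open resolver to recurse on our behalf
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS IN
    opt = b""
    if edns_udp_size:
        # OPT RR: root name (one zero byte), TYPE 41, CLASS = advertised UDP payload
        # size, TTL field = 0 (extended RCODE/version/flags), RDLENGTH = 0.
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return header + question + opt


def amplification_factor(request: bytes, response_len: int) -> float:
    """Bandwidth amplification factor: bytes hitting the victim per byte the attacker sends."""
    return response_len / len(request)


def victim_bandwidth_bps(request: bytes, response_len: int, attacker_bps: float) -> float:
    """Traffic arriving at the spoofed victim for a given attacker send rate."""
    return attacker_bps * amplification_factor(request, response_len)


if __name__ == "__main__":
    q = build_dns_query("example.com", QTYPE_ANY)
    print(len(q), "byte query:", q.hex())            # 40 bytes
    # Constructed figure: a 3000-byte ANY answer, within the 4096-byte buffer we advertised.
    print("BAF:", amplification_factor(q, 3000))     # 75.0
    print("10 Mbit/s of spoofed queries ->", victim_bandwidth_bps(q, 3000, 10e6) / 1e6, "Mbit/s at the victim")
```

Without the OPT record the same query is 29 bytes, but a resolver that honours the 512-byte default will truncate the answer, so the large-buffer advertisement is what makes the ratio worth the attacker's while. The other half of the attack, forging the victim's address in the IP header, is not shown here; it only works from networks that do not filter spoofed source addresses (BCP 38), which is also the most effective place to stop DRDoS.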
