Mirai, the Internet-of-things malware that turns cameras, routers, and other household devices into potent distributed denial-of-service platforms, may be lying low, but it's certainly not dead. Last week, researchers identified a new outbreak that infected almost 100,000 devices in a matter of days.
In September of last year, Mirai emerged as a force to be reckoned with when it played a key role in silencing one of the most intrepid sources of security news in record-setting DDoS attacks topping 620 gigabits per second. Within a few weeks, Mirai's developer published the source code, a move that allowed relatively unsophisticated people to wage the same types of extraordinarily big assaults. The release almost immediately helped touch off a series of large-scale attacks. The most serious one degraded or completely took down Twitter, GitHub, the PlayStation network, and hundreds of other sites by targeting Dyn, a service that provided domain name services to the affected sites.
Researchers from China-based Netlab 360 say that last week they spotted a new, publicly available Mirai variant. The changes allowed the malware to spread to networking devices made by ZyXEL Communications that could be remotely accessed over telnet using default passwords. One of the exploits was published on October 31. Over a span of 60 hours starting on November 22, the new Mirai strain was able to commandeer almost 100,000 devices. Virtually all of the infected devices used IP addresses local to Argentina, a possible indication the outbreak targeted customers of a regional service provider who were assigned unsecured modems.