• About Us
Thursday, 21 February, 2019
IT Security Guru
Advertisement
  • Home
  • About Us
  • News
    • Cloud Security
    • Data Protection
    • Featured
    • Guru Picks
    • Hacking News
    • Mobile Security
    • Network Security
    • Threat Detection
  • Latest Videos
  • The Blog List
  • Event Calendar
No Result
View All Result
  • Home
  • About Us
  • News
    • Cloud Security
    • Data Protection
    • Featured
    • Guru Picks
    • Hacking News
    • Mobile Security
    • Network Security
    • Threat Detection
  • Latest Videos
  • The Blog List
  • Event Calendar
No Result
View All Result
IT Security Guru
No Result
View All Result

Research shows Russian hackers could be behind the Mirai botnet

in Editor's News
Share on FacebookShare on Twitter

In a new blog post Imperva researchers analyse the Mirai botnet which was responsible for a huge DDoS attack against security researcher Brian Krebs in September. The blog studies the locations of the IP addresses that make up the botnet, examines the botnet’s source code in order to understand more about how it operates, studies what IP addresses Mirai is programmed to avoid and reveals new data which shows that Russian hackers may be behind the huge botnet.
The full blog post can be found here, however key takeouts include:

  • Overall, IP addresses of Mirai-infected devices were spotted in 164 countries. As evidenced by the map below, the botnet IPs are highly dispersed, appearing even in such remote locations as Montenegro, Tajikistan and Somalia.
  • Mirai’ has a “Don’t Mess With” List. One of the most interesting things revealed by the code was a hardcoded list of IPs Mirai bots are programmed to avoid when performing their IP scans. This list, which you can find below, includes the US Postal Service, the Department of Defense, the Internet Assigned Numbers Authority (IANA) and IP ranges belonging to Hewlett-Packard and General Electric.
  • It is worth noting that Mirai code holds traces of Russian-language strings despite its English C&C interface. This opens the door for speculation about the code’s origin, serving as a clue that Mirai was developed by Russian hackers or—at least—a group of hackers, some of whom were of Russian origin. Other bits of code, which contain Rick Rolls’ jokes next to Russian strings saying “я люблю куриные наггетсы” which translates to “I love chicken nuggets” provide yet more evidence of the Russian heritage of the code authors, as well as their age demographic.
  • Another interesting thing about Mirai is its “territorial” nature. The malware holds several killer scripts meant to eradicate other worms and Trojans, as well as prohibiting remote connection attempts of the hijacked device.
Previous Post

Eko Malware Targets Facebook Users

Next Post

Seasoned CISO joins FireMon as Chief Technology Officer

Comments 0

  1. Benita Sher says:
    2 years ago

    Once you need the services of a hacker with discretion and top servicing, i implore you to try your best to hire only professionals.
    gmail- pauleta.steelbreaker.
    M-+19283233115
    It will increase your chances of getting your job completed. i was able to hire the services of an elite, asides the fact that i was provided a permanent solution to the service that was rendered me but gave a very efficient customer experience.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

IT Security Guru

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

My settings
GDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Save my settings