Wonderful Engineering

Two Hackers Are Selling DDoS Attacks From 400000 IoT Devices


Pic Credits: boingboing

The dreaded Mirai worm has been on the hunt for months now. It first began its reign of terror when it attacked security journalist Brian Krebs using 620 Gbps floods and tried to knock him off the internet. Pretty soon after that, it was seen trying to take down Level 3, Dyn and other well-reputed internet giants. And on Oct 11, the worm attacked every developed and some undeveloped nations on Earth, only to be taken down by hybridising it with another IoT worm.

But the scarier part is that the worm is meaner and bigger than ever before, and we simply seem to have no solution to stop the menacing monster. Adding insult to injury, it is now becoming clear that DDoS attacks have turned into a business and can be rented by vindictive people to punish people like journalists or civil rights activists.

Two particular criminals, Bestbuy and Popopret, have been identified as selling this “service” openly to the highest bidder. These two have also been previously caught in mass-scale corporate espionage, and have also been found spamming the XMPP/Jabber instant messaging protocol. They have been sending messages offering to rent out a 400,000-strong botnet of Mirai-infected devices. This “offer” also claims that this botnet is better than the earlier Mirai infections, and is also equipped with IP-address spoofing, which makes it very hard to block the incoming traffic.

According to the botnet’s ad and a statement by Popopret themselves, customers can rent the desired number of Mirai bots for a minimum period of two weeks. The statement reads as follows:

“Price is determined by amount of bots (more bots more money), attack duration (longer = more money), and cooldown time (longer = discount).”

Customers don’t get discounts if they buy larger quantities of bots, but they do get a discount if they use longer DDoS cooldown periods. “DDoS cooldown” is a term that refers to the time between consecutive DDoS attacks. DDoS botnets use cooldown times to avoid maxing out connections and filling and wasting bandwidth, and also to prevent devices from pinging out and disconnecting during prolonged attack waves.

Then it was kind of Popopret to explain this with an example:

“price for 50,000 bots with attack duration of 3600 secs (1 hour) and 5-10 minute cooldown time is approx 3-4k per 2 weeks.”

It is evident that this is not a cheap service, but it is still a dangerous prospect, which makes the need to protect our domains and beef up their security ever so imperative.

Do you think our next major war will be a cyber one? Comment below!