What is the Mirai Botnet?

Mirai is malware designed to hijack Internet of Things (IoT) devices and turn them into remotely controlled “bots” capable of launching powerful volumetric distributed denial of service (DDoS) attacks. The network of devices it infects is known as the Mirai botnet.

The Mirai botnet was first seen in August 2016 and has since been used to launch large DDoS attacks on websites, networks and other digital infrastructure. Mirai's source code was published by “Anna-senpai” on a public and easily accessible forum. The malicious code allows an attacker to gain control of vulnerable IoT devices such as webcams, DVRs, IP cameras, and routers. In early 2017, Krebs publicly named Josiah White and Paras Jha as the likely creators of the Mirai botnet.

Security researchers estimate that there are millions of vulnerable IoT devices actively taking part in these coordinated attacks. Mirai can also infect all devices connected to the same network, making it possible to create a large botnet capable of launching devastating attacks.

How do botnets work?

Botnets are networks of computers or other internet-enabled devices that have been infected with malicious software. Each device in the botnet is referred to as a “bot” and can be used by an attacker to carry out various malicious activities such as sending spam emails or launching DDoS attacks. Botnets are created when attackers use automated tools like worms or phishing emails to spread malicious software across multiple devices. Once a device is infected with the malicious code, it becomes part of the botnet and can be used by the attacker for their own purposes.

How does Mirai work?

The Mirai botnet works by scanning for vulnerable IoT devices that have open ports or default usernames and passwords. Once it finds these vulnerable devices, it uses exploits to gain access and infects them with its malicious code. The infected device then joins the Mirai botnet, where it receives commands from a central server known as a “command & control” (C&C) server. The attacker can then use this C&C server to launch large-scale DDoS attacks on websites, networks and other digital infrastructure by directing all of the bots in the Mirai botnet at once.

Mirai botnet analysis and detection

The best way to protect against Mirai Botnet attacks is by ensuring that your IoT devices are secure at all times. This means regularly updating firmware on any connected device, changing default passwords, disabling remote access if not needed, keeping your network firewall up-to-date, regularly monitoring for suspicious activity and avoiding public Wi-Fi networks whenever possible. It's also important to note that many IoT manufacturers now offer security solutions specifically designed for their products, so it's worth researching what type of protection your connected devices offer before purchasing them. Finally, if you suspect your device has already been compromised by a Mirai attack, you should immediately disconnect it from your home network until you can confirm its safety.
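As an added example (not part of the original article and not Radware code), here is one way to carry out the "monitoring for suspicious activity" step: flag any device on the local network that contacts many distinct hosts on Telnet ports in a short window, which is the scanning behavior described above. The flow-record layout, LAN range and thresholds are assumptions chosen for illustration; TCP ports 23 and 2323 are the Telnet ports probed by Mirai's published scanner.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): record layout, LAN range and thresholds
# are illustrative. Mirai's published scanner probes Telnet on TCP 23 and 2323.
SCAN_PORTS = {23, 2323}
LAN = ip_network("192.168.1.0/24")
WINDOW_SECONDS = 60
MIN_DISTINCT_TARGETS = 5

# Constructed sample flows: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1700000000 192.168.1.50 203.0.113.10 23
1700000002 192.168.1.50 203.0.113.11 23
1700000004 192.168.1.50 198.51.100.7 2323
1700000006 192.168.1.50 198.51.100.8 23
1700000008 192.168.1.50 203.0.113.99 2323
1700000009 192.168.1.20 203.0.113.10 443
1700000010 192.168.1.20 198.51.100.7 23
"""

def parse_flows(text):
    """Yield (ts, src, dst, port) tuples, skipping malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, src, dst, port = parts
            yield int(ts), ip_address(src), ip_address(dst), int(port)

def find_scanners(text):
    """Return {lan_host: most distinct Telnet targets seen in any one window}."""
    events = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        if src in LAN and port in SCAN_PORTS:
            events[src].append((ts, dst))
    flagged = {}
    for src, hits in events.items():
        hits.sort(key=lambda h: h[0])
        start = best = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans < WINDOW_SECONDS.
            while hits[end][0] - hits[start][0] >= WINDOW_SECONDS:
                start += 1
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= MIN_DISTINCT_TARGETS:
            flagged[str(src)] = best
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS))  # hosts to disconnect and inspect
```

A host that appears in the result is a candidate for the disconnect-and-verify step described above; a single Telnet session to one destination, like the one from 192.168.1.20 in the sample, is not flagged.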

Radware DDoS protection and application delivery solutions mitigate network and application DDoS attacks by using approaches that block attacks without impacting legitimate traffic. By using machine-learning and behavioral-based algorithms to understand what constitutes legitimate behavior profiles, Radware can automatically block malicious attacks. This increases protection accuracy while minimizing false positives.
