August 25, 2017

Researchers Develop Mirai Malware Vaccine for Insecure IoT Devices

Researchers have developed a novel way to combat the dreaded Mirai botnet, the malware behind a sweeping cyberattack that banded together a million IoT devices last year.

In a paper titled AntibIoTic: Protecting IoT Devices Against DDoS Attacks, researchers from the Technical University of Denmark, Denmark; Örebro University, Sweden; and Innopolis University, Russian Federation described their study of the source code of the Mirai worm and its command and control system. The researchers then used the same vulnerability of the IoT devices to inject a ‘white worm’ that secures them. The method takes an epidemiological approach, comparable to the way a vaccine creates immunity by exposing the immune system to a weakened, less-threatening form of the disease.

Researchers wrote:

AntibIoTic uses the Mirai bot design to gain access and control of these poorly secured devices and inject them with antibiotic-like code. 

AntibIoTic, also known as the ‘white worm project’, uses the Mirai bot’s design to gain access and control over the vulnerable devices before injecting them with the ‘antibiotic-like’ code. This code effectively exploits the spreading capabilities of the Mirai malware. Upon gaining control, the worm attempts to notify the owner or to fix the device on its own by changing credentials, patching software or even upgrading its firmware.

“AntibIoTic scans the Internet looking for IoT weak devices. As soon as a vulnerable device is found, it is infected and sanitized in order to secure its perimeter and ensure that no other malwares are in execution on the same device,” researchers added. “Subsequently, the awareness notification is sent to the owner pointing out the security threats of the device and some possible countermeasures to solve them. Then, the scrupulous device owner looks at the notification and secures its device following the guidelines given by AntibIoTic. At this point, the IoT device is not vulnerable anymore thus the AntibIoTic intent has been reached and it can terminate its execution freeing the device.”

The Mirai source code was notably published on GitHub after an initial release on hacker forums. Industry observers warned that the public release of the source code would give rise to new threats and bad actors looking to infiltrate cybersecurity defenses. The silver lining of the release is that white hat researchers are using the same code to find vaccines for the destructive bot-army malware.

The complete whitepaper can be found here.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
