August 25, 2017

Researchers Develop Mirai Malware Vaccine for Insecure IoT Devices

Researchers have developed a novel way to combat the dreaded Mirai botnet, the malware behind a sweeping cyberattack that banded together a million IoT devices last year.

In a paper titled AntibIoTic: Protecting IoT devices Against DDoS Attacks, researchers from the Technical University of Denmark, Denmark; Orebro University, Sweden; and Innopolis University, Russian Federation presented their study of the source code of the Mirai worm and its command and control system. The researchers then used the vulnerability of the IoT devices to inject a ‘white worm’ in order to secure these devices. The method takes an epidemiological approach: like a vaccine, it creates immunity by exposing the immune system to a weakened, less-threatening form of the disease.

Researchers wrote:

AntibIoTic uses the Mirai bot design to gain access and control of these poorly secured devices and inject them with antibiotic-like code. 

AntibIoTic, also known as the ‘white worm project’, uses the Mirai bot’s design to gain access to and control over the vulnerable devices before injecting them with the ‘antibiotic-like’ code. This code effectively exploits the spreading capabilities of the Mirai malware. Upon gaining control, the worm attempts to notify the owner or to find a solution on its own by changing credentials, patching the device’s software or even upgrading its firmware.

“AntibIoTic scans the Internet looking for IoT weak devices. As soon as a vulnerable device is found, it is infected and sanitized in order to secure its perimeter and ensure that no other malwares are in execution on the same device,” researchers added. “Subsequently, the awareness notification is sent to the owner pointing out the security threats of the device and some possible countermeasures to solve them. Then, the scrupulous device owner looks at the notification and secures its device following the guidelines given by AntibIoTic. At this point, the IoT device is not vulnerable anymore thus the AntibIoTic intent has been reached and it can terminate its execution freeing the device.”

The Mirai source code was notably published on GitHub after an initial release on hacker forums. Industry observers warned that the public release of the source code would give rise to new threats and bad actors looking to infiltrate cybersecurity defenses. The silver lining of the release is that white hat researchers are using the same code to find vaccines for the destructive bot-army malware.

The complete whitepaper can be found here.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
