Mirai infection surveillance cameras to observe the process, 98 seconds to complete infection
Mirai by the recent series of botnet-driven attacks, including the French previous website host OVH Attacked, Dyn hacked led the United States more than half of Internet paralysis and so on, the event also makes us aware that DDoS potential impact on the global Internet attack brought.
Experts found that, Mirai botnet by tens of thousands of infected IoT equipment components, such as CCTV and DVR and so on.
Graham first bought a $ 55 technology-Tech surveillance cameras.
This camera supports Universal Plug and Play (UPnP), this feature is not safe, but users do not understand the techniques used it is more convenient, because UPnP devices are basically plug it can be used.
Graham followed by raspberry pie made with a wireless router, the camera with your home network to isolate.
Only 98 seconds of the time, Graham camera infected with malicious software.
And the reality is that this camera infected with several malware –Mirai not the first to arrive at the scene, but “Similarly other malicious programs.”
Subsequently, Graham observed Mirai action. It was found that, Mirai use Telnet protocol, using 61 common login credentials brute device password in order to gain access to the camera. “Mirai via Telnet rather than web, infection of the target device.”
After the successful invasion of the target IoT devices, Mirai will download the entire virus. Mirai then began to issue high-speed SYN packet, looking for other hosts.
A moment in which a malicious software or even shut down the daemon, Telnet, and the Graham kick into the net.
The next day, Graham wrote a command to prevent the user Mirai kick into the net.
Reference Source: securityaffairs