Anti-worm ‘Nematode’ Could be Answer to Mirai Botnets

Written by

A security researcher has uncovered what is claimed to be an effective way to mitigate the threat from Mirai-powered IoT botnets like the one that caused a massive internet outage over a week ago.

The developer claimed the anti-worm ‘Nematode’ could help patch vulnerable connected devices exploited by Mirai – which scans for default Telnet credentials.

The following explanation was posted on GitHub:

“The idea is to show that devices can be patched by a worm that deletes itself after changing the password to something device- specific or random. Such a tool could theoretically be used to reduce the attack surface. This is meant to only be tested in closed research environments. Use of this software is at your own risk.”

Those discussing the Proof of Concept on Reddit echoed the author's caution, warning that researchers would be breaking the law if they try this out in the wild without getting permission of the owner of any insecure IoT device.

The internet went briefly into meltdown on 21 October after DNS provider Dyn was taken out by a DDoS launched from a 100,000-strong IoT botnet.

The knock-on effect for Dyn customers meant the likes of Amazon, Twitter, Reddit and Spotify were taken offline on the Friday.

The provider confirmed the botnet was mainly powered by devices compromised by Mirai, malware publicly released just weeks before.

However, it refused to be drawn on who might have been behind the attack, or whether it was – as some have claimed – a massive 1.2Tbps.

In related news, security firm Invincea claimed last week to have found a stack buffer overflow bug in the Mirai source code which, if exploited, could prevent an HTTP flood attack.

However, it doesn’t address the underlying problem of vulnerable IoT devices and effectively leaves them intact to be exploited in future attacks.

What’s hot on Infosecurity Magazine?