A hacker has released the source code for the malware that powered the distributed denial of service attacks that were launched against security blog Krebs on Security and OVH, one of the biggest hosting providers in the world.
According to Brian Krebs, the owner of the Krebs on Security blog, the source code for the malware, known as Mirai, was uploaded to the hacker website Hackforums by a user who goes by the name Anna-senpai.
The malware is designed to infiltrate Internet of Things devices whose users have not changed the default usernames and passwords. Because these devices still use the credentials they had when they were manufactured and released into the market, the malware is able to take control of internet-connected appliances and gadgets such as smart refrigerators, web cameras and CCTVs.
Once the infected IoT devices are assembled, the hacker can control them from a central server to launch DDoS attacks on target websites.
This is what happened to Krebs on Security earlier in the month, with the attack widely thought to be in retaliation for blog posts that led to the arrest of two major sellers of DDoS attacks. The attack launched on the blog reached 620 Gbps, which is considered one of the worst in the history of the internet so far.
A similar attack was launched last week against OVH, though that one was far worse. In what is considered to be the largest DDoS attack in the world, over 150,000 hacked IoT devices were used to bombard the company's servers with 1 Tbps worth of traffic.
Mirai, while newer and more sophisticated than rival malware Bashlight, has infected only 233,000 devices compared with 963,000 for Bashlight. However, with the public release of the Mirai source code, the malware could go mainstream and lead to the infection of even more unprotected IoT devices, producing more powerful DDoS-launching networks.
In turn, this could push the power of DDoS attacks to even higher volumes than what was launched against OVH last week.
According to Anna-senpai, Mirai previously pulled in 380,000 devices, but after the publicity of the Krebs on Security attack, internet service providers have been shutting down the infected devices. The number of devices pulled in by Mirai is now only 300,000, and it is still falling.
Despite that, it is unclear why the hacker decided to upload the Mirai source code, as the malware and its ability to expand the pool of infected IoT devices is a lucrative asset for criminal hackers. One possibility is that, with the source code out in the open and more hackers in possession of it, it would be harder for the authorities to pinpoint its original author.