Webcam bots Japanese sex chat bot

And Mirai has demonstrated that it doesn't take "zero-day" bugs to make it happen; attackers only need poorly implemented security on devices that can't be easily fixed.

Webcam bots-8

"One of the things we noticed during the Dyn attack was that the C&C domain would change its address," Nixon explained.

"That way, the C&C network could segment its botnet." By simply changing a DNS entry, the attacker could use the same domain to create and operate multiple separate botnets simultaneously.

"This could mean that they are 'renting' several different botnets to launch an attack against a specific victim, in which multiple other sites have been impacted." The motive may have been blackmail, with the attacker seeking a payout by Dyn to stop.

[Update: Dyn has said there was no financial motivation behind the attack.] But Drew warned that the huge disruption caused by the attack "could result in large copycat attacks, and [a] higher [number of] victim payouts [so] as to not be impacted in the same way.

"When one C&C server fills up, [the botnet operator] can just change the IP address associated with that 'A' name," Nixon explained.

New bots will connect to the new address while older bots continue to communicate with the previously labeled server.

"Since this is an ongoing investigation, we cannot speculate on these events." Regardless of the reasons behind it, the attack on Dyn further demonstrates the potential disruptive power of the millions of poorly protected Io T devices.

These items can be easily turned into a platform for attacking anything from individual websites to core parts of the Internet's infrastructure.

This opportunity provides more ambitious botnet builders a proven platform to improve upon.

The simplicity of Mirai's C&C structure makes scaling it up relatively simple.

And with a criminal investigation underway, a Dyn spokesperson declined to confirm or deny that Sony was also a target.

Tags: , ,