Researchers Develop Mirai Malware Vaccine for Insecure IoT Devices


Researchers have developed a novel way to combat the dreaded Mirai botnet, the malware behind a sweeping cyberattack that banded together a million IoT devices last year.

In a paper titled AntibIoTic: Protecting IoT Devices Against DDoS Attacks, researchers from the Technical University of Denmark, Denmark; Örebro University, Sweden; and Innopolis University, Russian Federation, described their study of the source code of the Mirai worm and its command and control system. The researchers then used the same vulnerability that Mirai relies on in IoT devices to inject a ‘white worm’ that secures them. The method takes an epidemiological approach, much as a vaccine creates immunity by exposing the immune system to a weakened, less threatening form of the disease.

Researchers wrote:

AntibIoTic uses the Mirai bot design to gain access and control of these poorly secured devices and inject them with antibiotic-like code. 

AntibIoTic, also known as the ‘white worm project’, uses the Mirai bot’s design to gain access to and control over vulnerable devices before injecting them with the ‘antibiotic-like’ code. This code effectively exploits the spreading capabilities of the Mirai malware. Upon gaining control, the worm attempts to notify the owner or to fix the problem on its own by changing credentials, patching or updating the software, or even upgrading the firmware.

“AntibIoTic scans the Internet looking for IoT weak devices. As soon as a vulnerable device is found, it is infected and sanitized in order to secure its perimeter and ensure that no other malwares are in execution on the same device,” researchers added. “Subsequently, the awareness notification is sent to the owner pointing out the security threats of the device and some possible countermeasures to solve them. Then, the scrupulous device owner looks at the notification and secures its device following the guidelines given by AntibIoTic. At this point, the IoT device is not vulnerable anymore thus the AntibIoTic intent has been reached and it can terminate its execution freeing the device.”

The Mirai source code was notably published on GitHub after an initial release on hacker forums. Industry observers warned that the public release of the source code would give rise to new threats and to bad actors looking to infiltrate cybersecurity defenses. The silver lining of the release is that white hat researchers are using the same code to find vaccines for the destructive bot-army malware.

The complete whitepaper can be found here.

Image credit: Pixabay.