Source code of DDoS botnet responsible for Krebs on Security attack posted online


TechSpot Editor
Staff member

Last week, famed security researcher Brian Krebs was forced to take his website, Krebs on Security, offline after it suffered one of the largest distributed denial-of-service attacks ever recorded. Now, the source code for the botnet used in the assault has been published online.

Krebs on Security was hit with 620 gigabits per second of junk data during the DDoS attack. While this wasn’t enough to bring down the site, Krebs’ hosting provider, Akamai Technologies, was forced to order it off the network. Akamai had been offering Krebs pro bono protection from attacks for years, but the size of this DDoS meant it couldn’t keep doing so without the financial impact affecting other customers.

Krebs on Security reported Saturday that the source code of the malware, known as Mirai, was announced on hacking community Hackforums. It seeks out vulnerable IoT products by scanning for systems protected by factory default or hard-coded usernames and passwords. The software turns these devices into vast networks of bots that can be used to launch DDoS attacks.

Krebs notes that as the source code is publicly available, it “virtually guarantees” the internet will be “flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.”

My guess is that (if it's not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth.

On the bright side, if that happens it may help to lessen the number of vulnerable systems.

According to Dale Drew, chief security officer at internet firm Level 3 Communications, these type of attacks are on the increase. "There is already a surge in botnet operators attempting to find and exploit IoT devices in order to gain access to uniform and sizable botnet networks," he said in an email to Ars Technica.

An even bigger DDoS attack took place later in the same month that Krebs on Security was targeted. French hosting firm OVH was hit with a record 1.1 Terabits per second of traffic.

The Mirai botnet and the one that targeted OVH are believed to control more than 1.2 billion devices, though the DDoS attacks against Krebs and OVH used only a fraction of them.

Krebs on Security was quickly up and running again following the attack, thanks to Alphabet's free Project Shield program.

Permalink to story.

Last edited by a moderator:


TS Enthusiast
Level 3 Communications is the main ISP here in Billings, MT. It seems as these attacks could be the source of the slow bandwidths I've been experiencing in the last few months. I recently traveled to Kalispell, MT. which I experienced fastest bandwidth speeds. I really hope we find a way to get control over the bandwidths, as we are all paying for the service to be provided, & for the security needs to be second to none.

Darius Moon

TS Member
I heard it used an exploit in a specific manufacturer of devices. You say now, it was due to users using an easy to guess password or users left it at default settings when they plugged it into the world?


TS Booster
Wow 620gb a sec of junk data. that is worst than a hurricane or even a tsunami. I have seen things but not an attack like that