Mirai is malware that turns Internet of Things (IoT) devices into remotely controlled botnets that can be used in large-scale distributed denial of service (DDoS) attacks. It primarily targets online consumer devices such as cameras, printers, routers, home theater systems, smart thermostats and other online appliances.
Mirai continuously scans the internet for these IoT devices and infects them by using a table of common factory default usernames and passwords to log into them.
With the release of the Mirai source code on the Internet, there are increased risks of more botnets being generated. Botnet attacks can severely disrupt an organization’s communications or cause significant financial harm.
Software that is not designed to be secure contains vulnerabilities that can be exploited. Software-connected devices collect data and credentials that could then be sent to an adversary’s collection point in a back-end application.
In order to remove the malware from an infected IoT device, users and administrators should take the following action:
Disconnect device from the network.
While disconnected from the network and Internet, perform a reboot. Mirai malware exists in dynamic memory, rebooting the device clears the malware.
Ensure that the password for accessing the device has been changed from the default to something stronger.
Contact your IoT device manufacturer to get help with security patches and updated firmware.
Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary.
You should reconnect to the network only after rebooting and changing the password. If you reconnect before changing the password, the device could be quickly re-infected with the Mirai malware.