A Chinese electronics firm pegged by experts as responsible for making many of the components leveraged in last week’s massive attack that disrupted Twitter and dozens of popular Web sites has vowed to recall some of its vulnerable products, even as it threatened legal action against this publication and others for allegedly tarnishing the company’s brand.
Last week’s attack on online infrastructure provider Dyn was launched at least in part by Mirai, a now open-source malware strain that scans the Internet for routers, cameras, digital video recorders and other Internet of Things “IoT” devices protected only by the factory-default passwords. Once infected with Mirai, the IoT systems can be used to flood a target with so much junk Web traffic that the target site can no longer accommodate legitimate users or visitors.
In an interim report on the attack, Dyn said: “We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
Krebs on Security
Oct. 24, 2016