The Evolution of Bashlite and Mirai IoT Botnets

The Evolution of Bashlite and Mirai IoT Botnets

Vulnerable IoT devices are powerful platforms for building botnets that cause billion-dollar losses every year. In this work, we study Bashlite botnets and their successors, Mirai botnets. In particular, we focus on the evolution of the malware as well as changes in botnet operator behavior. We use...

Full description

Saved in:
Bibliographic Details
Published in:2018 IEEE Symposium on Computers and Communications (ISCC) pp. 00813 - 00818
Main Authors: Marzano, Artur, Alexander, David, Fonseca, Osvaldo, Fazzion, Elverton, Hoepers, Cristine, Steding-Jessen, Klaus, Chaves, Marcelo H. P. C., Cunha, Italo, Guedes, Dorgival, Meira, Wagner
Format: Conference Proceeding
Language:English
Published: IEEE 01-06-2018
Subjects:
Botnet
Computer crime
Computers
IP networks
Malware
Monitoring
Servers
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Vulnerable IoT devices are powerful platforms for building botnets that cause billion-dollar losses every year. In this work, we study Bashlite botnets and their successors, Mirai botnets. In particular, we focus on the evolution of the malware as well as changes in botnet operator behavior. We use monitoring logs from 47 honeypots collected over 11 months. Our results shed new light on those botnets, and complement previous findings by providing evidence that malware, botnet operators, and malicious activity are becoming more sophisticated. Compared to its predecessor, we find Mirai uses more resilient hosting and control infrastructures, and supports more effective attacks.
DOI:10.1109/ISCC.2018.8538636