The Mirai botnet is a malware strain which takes over internet of things devices in order to launch DDoS attacks. In December 2017, two co-authors of the botnet, Paras Jha and Josiah White, pleaded guilty for their roles in its development and use. They had both created a company which mitigated DDoS attacks, and used their botnet to target organisations that they would then either extort money from or offer the targeted companies their services to put a stop to the attacks.

In September 2016, the authors released the source code for the botnet on the hacker chat forum Hackforums, allowing others to make use of the capabilities of the malware to take over devices around the world. Within days, many botnets were in competition for the same pool of devices. A number of very disruptive DDoS attacks made use of Mirai soon after.

Additional Information

  • The botnet was known to be behind the attack on Brian Krebs’ website, KrebsOnSecurity, in Sept 2016. The site was forced to move and was rehoused under Google’s Project Shield, which protects journalists and others who may face similar issues.

  • Other botnets are known to have used Mirai as a building block to build more effective strains, such as Satori (which uses remote code injections) and Wicked (which targets Netgear routers and CCTV devices by using remote code execution).


Last updated: 31 May 2018