The internet of things (IoT) is a goofy name for all of the devices that connect to the internet to provide some additional function. Think of things like routers, IP cameras, thermostats, refrigerators, etc. There is malware out there that connects to unprotected devices and uses them to form a botnet which can then be put to nefarious use like a DDOS attack.

Someone just released the source code for one of these botnets, opening the door for more hackers to build variations of the original. From the source article:

“The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords.”

“Sources tell KrebsOnSecurity that Mirai is one of at least two malware families that are currently being used to quickly assemble very large IoT-based DDoS armies. The other dominant strain of IoT malware, dubbed “Bashlight,” functions similarly to Mirai in that it also infects systems via default usernames and passwords on IoT devices.”

“Infected systems can be cleaned up by simply rebooting them — thus wiping the malicious code from memory. But experts say there is so much constant scanning going on for vulnerable systems that vulnerable IoT devices can be re-infected within minutes of a reboot. Only changing the default password protects them from rapidly being reinfected on reboot.”

“On the not-so-cheerful side, there are plenty of new, default-insecure IoT devices being plugged into the Internet each day. Gartner Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected each day, Gartner estimates.”

Keeping all of your internet-connected devices behind a good router will help prevent malware. Always use protection!