It is indeed shocking that malicious cyber-criminals are now providing DDoS-for-hire services to fellow hackers and ambitious scammers.
Hackers going by the handles Popopret and BestBuy (the same hacker was also selling a terrorist database on the darknet) are offering a DDoS-for-hire service in which they rent out a Mirai botnet comprising around 400,000 infected bots. They have probably made extensive use of the leaked source code of the Mirai malware. It must be noted that both these hackers made headlines when they targeted high-profile US government institutions and businesses using the GovRAT malware.
According to Bleeping Computer, the botnet that is up for rent probably offers the largest collection of infected bots to date. Renting it is also quite expensive, as interested customers are required to rent it for at least two weeks. On the other hand, customers renting it can choose the number of bots, the duration of the attack and the interval between consecutive attacks, which is called the DDoS cooldown.
Popopret posted some information about the duo’s asking rate for renting Mirai botnet:
“Price for 50,000 bots with attack duration of 3600 secs (1 hour) and 5-10 minute cooldown time is approx 3-4k per 2 weeks.”
Remember, Mirai played a vital role in the success of Internet’s largest ever DDoS attack on OVH hosting and the massive attack on Dyn DNS that forced major Internet platforms to go offline in the US and European countries.
It is clear that the botnet offered by Popopret and BestBuy is an evolved version of the original Mirai botnet, because the hackers have added features such as SSH-supported brute-force attacks to exploit zero-day vulnerabilities.
Two researchers using the usernames 2sec4u and MalwareTech on Twitter revealed that the new version of the botnet can easily conduct DDoS attacks by spoofing IP addresses and bypassing DDoS mitigation mechanisms.
However, the two hackers haven’t provided proof of how their botnet avoids detection. They have claimed that they had the source code of Mirai malware way before it was made public. Let’s see what’s coming next for the Internet when it comes to DDoS attacks.