Variant of the Mirai botnet used in 54-hour attack on US college

Researchers suspect that a variant of the Mirai botnet was used against a US college in an attack that lasted 54 hours and sent 2.8 billion requests.

The Mirai botnet is notorious for the attack on Brian Krebs last year, alongside a number of other high-profile attacks that brought down Twitter, Reddit and Netflix in 2016. The author of the Mirai worm, uncovered by Brian Krebs, author of Krebs on Security, was a young developer brought over to the dark side after specialising in cyber security – and it appears others have picked up his mantle.


Last year, the Mirai botnet infected over 2,000 home routers across the UK alone. Now researchers at Imperva Incapsula believe they have discovered a new variant of the malware. Speaking to Silicon, the researchers claimed:

“Given the success of those attacks, along with the public availability of the Mirai source code, it was clearly only a matter of time before botnet herders began experimenting with new versions of the malware.” And that appears to be what has happened in the recent attacks.

“The average traffic flow came in at over 30,000 RPS and peaked at around 37,000 RPS – the most we’ve seen out of any Mirai botnet. In total, the attack generated over 2.8 billion requests,” they wrote.

“Based on a number of signature factors, including header order, header values and traffic sources, our client classification system immediately identified that the attack emerged from a Mirai-powered botnet. Our research showed that the pool of attacking devices included those commonly used by Mirai, including CCTV cameras, DVRs and routers.”

“Looking at the bigger picture, this variant of Mirai might be a symptom of the increased application layer DDoS attack activity we saw in the second half of 2016. That said, with over 90 percent of all application layer assaults lasting under six hours, an attack of this duration stands in a league of its own.”

An attack of this size and duration is a warning shot for organisations around the globe as they prepare their systems to withstand gigantic attacks capable of bringing servers to their knees – for over two days.