Researcher develops worm to fight Mirai botnet
Researcher Scott Tenaglia found a stack buffer overflow vulnerability in the Mirai code which could be used to crash bots and shut down Mirai attacks.
▻http://www.theregister.co.uk/2016/10/28/mirai_botnet_hack_back
Now, a GitHub user going by Leo Linsky has forked a repo created by researcher Jerry Gamblin to create an anti-worm “nematode” that could help to patch vulnerable devices used in the Mirai DDoS attacks. (the code is unfortunately no longer available)
▻http://www.theregister.co.uk/2016/10/31/this_antiworm_patch_bot_could_silence_epic_mirai_ddos_attack_army
A Nematode is a controlled worm that can be used for beneficial purposes, such as self-healing networks.
The worm goes further and can be used to break into woefully insecure internet-of-things devices and change the default Telnet credentials within.
Doing so would lock Mirai and other malware users out of the devices, along with legitimate administrators.
“This is a purely academic research project intended to show a proof of concept anti-worm worm, or nematode, for the types of vulnerabilities exploited by Mirai,” Linsky says.
"The idea is to show that devices can be patched by a worm that deletes itself after changing the password to something device- specific or random.
Unleashing the nematode would breach computer crime laws in the US, UK, and Australia, and likely in many other countries where unauthorised use and modification of computer equipment is an offense.
More on Mirai