On Monday, the security researcher known as MalwareTech released a map showing, in real-time, infections of Mirai across the world.
Last weekend, a hacker publicly released the code of "Mirai", the piece of Internet of Things malware that was used to create some of the most powerful botnets ever. Those botnets fired record breaking attacks at well-known security journalist Brian Krebs's site, as well as a popular server provider company.
Naturally, this is a notable event for security researchers. But with one tool, ordinary, non-technical citizens can watch the malware spread too.
As MalwareTech explains in a blog post, the scanner uses hundreds of custom servers designed to emulate vulnerable internet of things devices. These act as honeypots, and report when someone, somewhere, tries to hack them.
"It's a stream from the sensors; as soon as you connect it will notify you of each hit," MalwareTech told Motherboard in a Twitter message.
Serbia, China, Brazil, Russia, India, Pakistan: the list of affected countries goes on and on, as this capture of the map shows:
"Nothing stood out, just that the botnet was mostly CCTV cameras," MalwareTech continued.
At the end of September, Krebs' site Krebs on Security was the victim of a record-breaking DDoS attack of around 660 GBps of traffic. DDoS-protection service Akamai, which had been providing Krebs with pro-bono protection, had to drop the journalist from their network. Two botnets were behind that attack, consisting of around 980,000 and 500,000 devices respectively, according to Level 3 Communications, one of the world's largest internet backbone providers.
What made these botnets stand out, apart from their raw power, was that they consisted almost exclusively of internet connected cameras, and other "smart" devices. Days after the attack on Krebs, French hosting provider OVH later reported seeing attacks of 900 Gbps and 1 Tbps.
Now, everyone can bask, or recoil in terror, at the sight of lowly cameras forming ever more powerful botnets.