A DDoS-for-hire service, run by two hackers going by the pseudonyms Popopret and BestBuy, is now reportedly advertising a Mirai botnet for rent. The Mirai botnet allegedly comprises over 400,000 infected bots and may have been derived from the original Mirai source code.
Security researchers believe that the hackers renting out the botnet are likely the operators of the largest known Mirai botnet. Popopret and BestBuy are also believed to have been behind the GovRAT malware, which was reportedly used to target the US government and businesses.
According to a report by Bleeping Computer, renting the botnet does not come cheap. Customers wishing to rent the botnet must do so for a minimum of two weeks. However, clients can determine the number of bots, the attack duration and the DDoS cooldown (the length of time between consecutive attacks).
Providing an example of the rates for renting the botnet, Popopret claimed, "price for 50,000 bots with attack duration of 3600 secs (1 hour) and 5-10 minute cooldown time is approx 3-4k per 2 weeks."
Popopret and BestBuy's Mirai botnet is a more evolved version of the original botnet. The two hackers have added new features, such as brute-force attacks via SSH and support for exploiting zero-day vulnerabilities. According to two security researchers, going by the handles 2sec4u and MalwareTech on Twitter, some of the newly created Mirai botnets can now carry out DDoS attacks by spoofing IP addresses and may also be capable of bypassing DDoS mitigation systems.
The two researchers have been tracking Mirai botnets since the high-profile DDoS attack leveraging Mirai nearly took down the US internet in late October. The duo's Twitter account @MiraiAttacks monitors all Mirai-related activity. According to MalwareTech, one of the largest Mirai botnets that they have been tracking, dubbed 'Botnet #14,' was the same botnet leveraged in attacks that attempted to shut down Liberia's entire internet.
Popopret and BestBuy allegedly refrained from providing evidence of their botnet's capabilities, in an effort to avoid detection. However, the two hackers claimed that they had access to Mirai's source code long before a hacker going by the pseudonym Anna_Senpai made its source code public. The hackers' claims indicate that the duo may be linked to Anna_Senpai, who is also believed to be Mirai's creator.