Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.


We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

BestBuy Hackers Are Offering Mirai Botnet To Fellow Hackers As a Paid DDoS Service



All are introduced with Mirai Botnet. This botnet is becoming cancer for IoT devices. Hackers have performed major DDoS attack by using this Mirai Botnet. Hackers can easily compromise poorly configured IoT (internet of things) devices with the help of Mirai Botnet. DDoS attack on DynDNS service was the result of compromised IoT devices. Moreover, the largest DDoS attack till the date was performed by hackers on French web hosting company OVH by compromising more than 400000 IoT devices. It was possible only with Mirai Botnet. Servers of OVH were getting traffic of 1Tbps. The DDoS attack on security journalist Brian Krebs website is at number two for getting highest traffic packets.


Hackers are using this botnet to perform DDoS attacks against high-profile websites. A spokesperson of security firm Bleeping Computer said that in the black market, hackers are offering Mirai Botnet with 400000 compromised IoT devices to their fellow hackers as a paid DDoS service. The hackers with monikers Popopret and Best Buy are offering this Mirai botnet. Some security experts are saying that “Popopret and Best Buy” are the same hackers. It is the largest botnet ever, which has been offered by hackers for rent


Popapret and BestBuy Hackers

It is not the first time when these hackers are selling anything in the black market. Do you remember GovRAT malware? BestBuy hackers are the authors of this GovRAT malware which was targeting government organizations of United States. Later, BestBuy was selling this malware in the black market with its source code for 4.5 bitcoins. A digital code-signing certificate was also included in this deal.


On the other hand, Popopret meet BestBuy when they were selling GovRAT malware. According to security researchers of InfoArmor, BestBuy also started using the same moniker Popopret. That’s why it is not clear that the hackers who are offering Mirai Botnet are same or not. Hackers were spreading GovRAT malware through advanced spear-phishing attacks. Military and Govt. organizations of United States were the victims of GovRAT attacks. Hackers were stealing sensitive information from government agencies and were selling it on the black market.


Mirai Botnet DDoS Deal

BestBuy and Popopret are saying that they have added some new features in actual Mirai Botnet. This botnet is capable of performing brute force attacks on SSH protected forms and exploiting zero-day vulnerabilities. It is a costly deal and hackers are asking tenants to hire this botnet for the minimum time period of two weeks. If anyone wants to hire more bots, he has to pay more money. Cost also depends on attack duration. If tenants will use it for a long time, the more money they have to pay. BestBuy and Popopret are also giving a discount on long cool down time. The cool down time is the time between two back to back DDoS attacks.


BestBuy also released an example of their charging plans:


Time Period 2 Weeks

Number of Botnets = 50000

Attack Duration= 1 Hour (3600 Seconds)

Cool down Time= 5-10 Minutes

Total Cost= $3000- $4000


It seems like, BestBuy and Popopret want to test their modified Mirai Botnet by giving it to others. This botnet has been controlled by hackers through a console, which is hidden on a Tor Network. This hidden console could only be accessed through Telnet.


Similar Articles: 

French Web Hosting Giant OVH is Suffering DDoS Attack of 1Tbps

European Commission Hit By DDoS Attack

The Actual Story Behind Dyn DNS DDoS Attack!

Leave a Reply

Email id
Contact No

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.