Meris: new DDoS botnet breaks records & terrorizes the internet

A new botnet of about 250.000 infected devices is behind some of the biggest DDoS attacks of the summer, breaking the record for the largest volumetric DDoS attack twice, once in June and again this month.

The botnet is called Mēris, the Latvian word for "plague", and is mainly used to blackmail DDoS internet service providers and financial companies in various countries, such as Russia, the United Kingdom, the United States and New Zealand.


The team behind the botnet usually sends threatening emails to large companies asking for ransom. Emails target companies with an extensive web infrastructure and contain threats to downtime important servers if they do not pay a sum of digital currencies by a certain deadline.

If the victims do not pay, the hackers launch their botnet with smaller attacks in the beginning that increase significantly in size later, in order to exert more pressure.

Qrator Labs, a Russian DDoS mitigation service, described Meris as "a new botnet", after a series of attacks against Russian companies.

"In the last two weeks, we have seen devastating attacks on New Zealand, the United States and Russia, which we attribute to this botnet," said the company's researchers.

"Meris can flood almost any infrastructure, including some very powerful networks. "All of this is due to the enormous RPS power it has."

The reason Qrator Labs calls Meris unique is that before this summer, most DDoS attacks with RPS were very rare and had not occurred on this scale in the last five years.

Most botnets are usually configured to send as much unwanted traffic as possible to a target in classic "bandwidth attacks", which are measured in Gbps.

RPS attacks, called volumetric or application-layer DDoS attacks, are different because attackers focus on sending requests to the target server to flood the CPU and its memory.

Instead of hitting bandwidth with unwanted traffic, volumetric attacks focus on seizing server resources and eventually crashing them.

"In the last five years, there have been virtually no application-layer attacks on a global scale," says Qrator.

Things changed this summer with the appearance of Meris, which is based on a modified version of the old malware Mirai DDoS, according to internet infrastructure company Cloudflare, which also had to deal with some of his attacks.

But instead of focusing on bandwidth attacks, like most Mirai variants, the Meris focuses on volumetric attacks, obviously because they find them more efficient.

Meris broke the record for the largest volumetric DDoS attack twice. He did it for the first time earlier this summer, in June, when with an attack RPS 17,2 million DDoS hit a US financial company, according to Cloudflare, which had the nasty task of mitigating the attack.

Today, Qrator Labs reported that Meris outdid itself again during an attack this Sunday, September 5, which reached Rs 21,8 million.

Qrator said it had partnered with Yandex to mitigate the attack, which apparently hit Yandex servers. The target of the attack, however, was a Russian bank that maintained the e-banking portal of Yandex cloud service.

Qrator also said that after analyzing the source of most of the attack, it appears to be coming from devices of MikroTik, a small Latvian company that sells networking tools such as routers, IoT gateways, WiFi access points, switches and mobile network equipment. The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.098 registrants.
DDoS botnet, Meris, iguru,

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).