https://www.bleepingcomputer.com/news/security/security-firms-almost-brought-down-massive-mirai-botnet/
"Following a failed takedown attempt, changes made to the Mirai
malware variant responsible for building one of today's biggest
botnets of IoT devices will make it incredibly harder for authorities
and security firms to shut it down," reports Bleeping Computer.
Level3 and others" have been very close to taking down one of the
biggest Mirai botnets around, the same one that attempted to knock the
Internet offline in Liberia, and also hijacked 900,000 routers from
German ISP Deutsche Telekom.The botnet narrowly escaped due to the
fact that its maintainer, a hacker known as BestBuy, had implemented a
domain-generation algorithm to generate random domain names where he
hosted his servers.
Currently, to avoid further takedown attempts from similar security
firms, BestBuy has started moving the botnet's command and control
servers to Tor. "It's all good now. We don't need to pay thousands to
ISPs and hosting. All we need is one strong server," the hacker said.
"Try to shut down .onion 'domains' over Tor," he boasted, knowing that
nobody can.