[tw04]

The problem is you're reading the situation wrong. Mirai isn't about an exploit, it's IoT devices that haven't had the default username/password changed.

Now, you might say "why doesn't a good samritan just login to all of those devices and change the password to something random?"

OK - ignoring the fact that THEY would be committing felonies in several countries... what happens when the device manufacturer wakes up and decides to patch these devices via that remote access? Suddenly the password doesn't work, and the end-user can't change it because... what's the procedure for changing the default ssh password on a light bulb?

Technically you could make the situation better by writing a worm that changes the passwords, but at this point even that is a lost cause since mirai has a command that will change the pw on all infected hosts.

[brightball]

I guess that's what I'm getting at though. If we were to scan for the affected devices, change the passwords and notify the manufacturer of the change and that it was made because their carelessness essentially endangered the internet it would make it possible for them to fix it.

You're plugging a leak and letting the owner know, hey this was leaking and I stopped it but you're going to need to address that.