Mirai is one of the most famous malware families, using IoT bots to
perform the most massive DDoS attack in botnet history. The main
objective of this research is to answer two questions: what IoT
vulnerabilities are exploited by the Mirai malware, and how can one
detect whether an IoT device is infected with it? To answer these
questions, this work first provides an overview of Mirai's historical
events, operations, and attack types, reviews its famous variants,
and finally covers the mitigation process. Second, it provides a
Python-based algorithm to detect infected devices. The detection
methodology is based on a study of the Mirai bot scanning mechanism.
The research uses a network traffic dataset published by the
University of Southern California (USC) to study the bots' scanning
mechanism. The dataset study reveals unique network signatures of
the Mirai bots. Leveraging the identified signatures, a bot detection
algorithm is proposed. Finally, the algorithm was tested on all five
datasets related to the Mirai host brute-force. For each PCAP file,
the algorithm detects the IP address issuing the network scanning as
well as the one issuing the brute-force attack.
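
An added example, not the paper's algorithm: it flags sources whose bare TCP SYNs to Telnet ports carry a sequence number equal to the destination IP address, the fingerprint set by the scanner in the publicly released Mirai source. That signature, the port set, the `min_targets` threshold and all function names are assumptions of this example; the abstract does not state which signatures the paper identified.

```python
import socket
import struct
from collections import defaultdict

TELNET_PORTS = {23, 2323}  # assumption: ports probed by the public Mirai scanner

def parse_ipv4_tcp(pkt):
    """Return (src, dst, dport, seq, flags) for a raw IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl + 14:
        return None
    _sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    return pkt[12:16], pkt[16:20], dport, seq, off_flags & 0x1FF

def mirai_probe(pkt):
    """Return (src_ip, dst_ip) if pkt is a bare SYN to Telnet with seq == dst IP."""
    fields = parse_ipv4_tcp(pkt)
    if fields is None:
        return None
    src, dst, dport, seq, flags = fields
    bare_syn = flags & 0x12 == 0x02  # SYN set, ACK clear
    if bare_syn and dport in TELNET_PORTS and seq == int.from_bytes(dst, "big"):
        return socket.inet_ntoa(src), socket.inet_ntoa(dst)
    return None

def find_scanners(packets, min_targets=3):
    """Sources that sent matching probes to at least min_targets distinct hosts."""
    targets = defaultdict(set)
    for pkt in packets:
        hit = mirai_probe(pkt)
        if hit:
            targets[hit[0]].add(hit[1])
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)

def build_pkt(src, dst, dport, seq=None, flags=0x02):
    """Constructed sample packet: 20-byte IPv4 + 20-byte TCP, checksums zero."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    seq = int.from_bytes(d, "big") if seq is None else seq
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, s, d)
    return ip + struct.pack("!HHIIHHHH", 40000, dport, seq, 0, (5 << 12) | flags, 1024, 0, 0)

# Constructed traffic (documentation addresses), not taken from the USC dataset.
SAMPLE = (
    [build_pkt("192.0.2.10", f"198.51.100.{i}", 23) for i in range(1, 5)]   # seq == dst IP
    + [build_pkt("192.0.2.20", f"198.51.100.{i}", 23, seq=7000 + i) for i in range(1, 5)]
    + [build_pkt("192.0.2.30", f"198.51.100.{i}", 80) for i in range(1, 5)]  # wrong port
)

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

Raising `min_targets` trades sensitivity for fewer alerts on a single stray packet; a chance match of sequence number and destination address is rare, so the distinct-target count mainly separates scanning from one-off connections.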