A New Worm Exploiting Linux-based “Internet of Things”

Leading security software vendor Symantec has detected a new Linux worm that attempts to slither into Linux-based computers and “Internet of things” devices. Are too many Internet-enabled “Internet of things” devices, then, unsafe to use until we get rid of such worms and threats?

Which devices are most vulnerable to the Linux.Darlloz worm, and how?

Researchers at Symantec have detected and reported a new worm, dubbed Linux.Darlloz, which is capable of intruding into a plethora of “Internet of things” devices and Linux-based computers. Although Linux.Darlloz has been classified as a low-level threat, the malware could, with minor modifications, be used in variants that include Executable and Linkable Format (ELF) files. The malware would then be capable of spreading these ELF files to “Internet of things” devices such as webcams, cameras, routers, and other Internet-connected devices. Furthermore, Symantec has specified that devices containing chips made by ARM and devices based on the MIPSEL, MIPS, and PPC architectures are more susceptible to infection by the Linux.Darlloz worm.

Symantec researcher Kaoru Hayashi wrote in a blog post published on Wednesday:

“Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.”   
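One way to spot the propagation behaviour described in the quote from the network side, as an added example that is not from Symantec or the original article: flag internal hosts that send HTTP POST requests to many distinct bare IP addresses within a short window. The log format, addresses, paths and thresholds below are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed egress log, sorted by time: epoch_seconds src method dst_host path
# (hypothetical format; addresses are from documentation/private ranges)
SAMPLE_LOG = """\
1000 10.0.0.23 POST 198.51.100.7 /x
1002 10.0.0.5 POST api.example.com /v1/upload
1004 10.0.0.23 POST 203.0.113.45 /x
1007 10.0.0.23 POST 192.0.2.200 /x
1009 10.0.0.9 POST 192.0.2.10 /form
1011 10.0.0.23 POST 198.51.100.91 /x
1015 10.0.0.23 POST 203.0.113.8 /x
1018 10.0.0.5 GET 192.0.2.10 /index.html
1020 10.0.0.23 POST 192.0.2.77 /x
1300 10.0.0.9 POST 198.51.100.3 /form
1600 10.0.0.9 POST 203.0.113.99 /form
"""

def is_ip_literal(host):
    """True when the destination is a raw IP address rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_scanners(log_text, window_s=60, min_targets=5):
    """Return {src: peak number of distinct bare-IP POST targets in any window}
    for every source whose peak reaches min_targets."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in the window
    peak = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, src, method, dst = int(parts[0]), parts[1], parts[2], parts[3]
        if method != "POST" or not is_ip_literal(dst):
            continue  # only POSTs aimed straight at an IP address are of interest
        window = recent[src]
        window.append((ts, dst))
        while window[0][0] < ts - window_s:
            window.popleft()  # drop requests older than the window
        peak[src] = max(peak[src], len({d for _, d in window}))
    return {src: n for src, n in peak.items() if n >= min_targets}

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

A device such as a camera or router that normally talks to one or two vendor hostnames should never appear in this output, so a hit is a reason to check that device's firmware and credentials.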

Internet of things or Internet of threats?

The Symantec researcher has warned that the attacker behind the Linux.Darlloz worm is now aiming to plant ELF files on other architectures. Consumers are therefore cautioned to do their research before purchasing a new Internet-connected device, and those already using such devices should update them from time to time so that newly created worms like this one are blocked. They should also change the default password and keep changing the password from time to time to prevent intrusion by such worms and threats.
