Linux worm discovered in "Internet of Things" devices

Worm could target unpatched routers, set-top boxes and security cameras.

A security researcher has found a piece of malware that appears to target the "internet of things".

Kaoru Hayashi, a security researcher at Symantec, discovered the worm, called Linux.Darlloz, which he claims is capable of attacking a range of small, internet-enabled devices in addition to traditional computers.

Hayashi said that no attacks against devices such as home routers, set-top boxes and security cameras have been found in the wild but warned that most users would not realise they were at risk as they would be unaware that their own devices ran on Linux.

The worm propagates by exploiting an old PHP vulnerability that was patched in May last year, according to the researcher's blog posting. The attacker recently created the worm based on proof-of-concept (PoC) code released in late October 2013.

On execution, the worm generates IP addresses randomly, accesses a specific path on the machine using well-known IDs and passwords, and sends HTTP POST requests that exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target.

"Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures," said Hayashi.

He said that because Linux has been ported to various architectures other than Intel, there is a chance that the worm could spread to other small devices with different processors.

"The attacker is apparently trying to maximise the infection opportunity by expanding coverage to any devices running on Linux. However, we have not confirmed attacks against non-PC devices yet," he said.

Symantec has verified that the attacker already hosts some variants for other architectures including ARM, PPC, MIPS and MIPSEL on the same malicious server.

The firm warned users to verify all devices connected to the network, update their software to the latest version and update their security software when it is made available on their devices.
