A new Linux worm targets the Internet of Things
Posted on 28.11.2013
A new Linux worm - luckily not yet spotted in the wild - has been unearthed by Symantec researchers.

Dubbed “Darlloz”, its targets are not just traditional computers, but also Internet-enabled devices such as home routers, set-top boxes, security cameras, and even industrial control systems. The worm inserts itself into target devices by exploiting a PHP vulnerability that was patched as far back as May 2012.

“Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target,” explains researcher Kaoru Hayashi. “Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.”

But the researchers have also discovered that the attacker has created variants of the worm aimed at other architectures such as ARM, PPC, MIPS and MIPSEL - usually used in the aforementioned Internet-enabled devices. He or she apparently created the worm based on proof-of-concept code published late last month.

To prevent the worm from spreading, users should update their systems and devices, but many won’t even know that they are using vulnerable devices, and even if they do, there’s always the distinct possibility that the vendor has not provided an update, for a variety of reasons.

They should also consider updating their security software and making their devices’ passwords stronger, the researchers say, and block incoming HTTP POST requests to several specific paths at the gateway or on each device.
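
To check whether the last mitigation is needed or working, a defender can scan web access logs for POST requests to the affected paths. The following is an added example, not code from Symantec or from this article; the article does not list the paths, so `BLOCKED_PATHS` holds labelled placeholders, and the log lines are constructed samples in Combined Log Format. It normalizes each request target first, because a filter that compares raw strings misses the same path written with a query string, percent-encoding, doubled slashes or `./` segments.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Placeholder paths (assumption): replace with the paths named in the vendor advisory.
BLOCKED_PATHS = {"/placeholder/path-one", "/placeholder/path-two"}

# Combined Log Format: client - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

def normalize(target):
    """Reduce a request target to a canonical path before matching."""
    path = target.split("?", 1)[0]      # drop the query string
    path = unquote(path)                # decode %xx escapes
    path = re.sub(r"/+", "/", path)     # collapse duplicate slashes
    return posixpath.normpath(path)     # resolve "./" and "../" segments

def is_blocked(method, target):
    """True for a POST whose normalized path is on the block list."""
    return method.upper() == "POST" and normalize(target) in BLOCKED_PATHS

def scan(lines):
    """Count POSTs to blocked paths per client address."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_blocked(m.group(2), m.group(3)):
            hits[m.group(1)] += 1
    return hits

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '198.51.100.7 - - [28/Nov/2013:10:00:01 +0000] "POST /placeholder/path-one?a=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [28/Nov/2013:10:00:02 +0000] "POST //placeholder/./%70ath-one HTTP/1.1" 404 0',
    '203.0.113.9 - - [28/Nov/2013:10:00:03 +0000] "GET /placeholder/path-one HTTP/1.1" 200 90',
    '203.0.113.9 - - [28/Nov/2013:10:00:04 +0000] "POST /login HTTP/1.1" 302 0',
    '192.0.2.44 - - [28/Nov/2013:10:00:05 +0000] "POST /other/../placeholder/path-two HTTP/1.0" 200 17',
]

if __name__ == "__main__":
    for client, count in scan(SAMPLE).most_common():
        print(f"{client}\t{count} POST(s) to blocked paths")
```

Hits that were answered with a 200 status after the gateway rule is in place indicate the rule is not matching the same normalized form the web server does.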

Copyright 1998-2014 by Help Net Security.