Information Security News
mailing list archives
New Linux worm targets routers, cameras, "Internet of things" devices
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 28 Nov 2013 09:34:19 +0000 (UTC)
By Dan Goodin
Nov 27 2013
Researchers have discovered a Linux worm capable of infecting a wide range
of home routers, set-top boxes, security cameras, and other consumer
devices that are increasingly equipped with an Internet connection.
Linux.Darlloz, as the worm has been dubbed, is now classified as a
low-level threat, partly because its current version targets only devices
that run on CPUs made by Intel, Symantec researcher Kaoru Hayashi wrote in
a blog post published Wednesday. But with a minor modification, the
malware could begin using variants that incorporate already available
executable and linkable format (ELF) files that infect a much wider range
of "Internet-of-things" devices, including those that run chips made by
ARM and those that use the PPC, MIPS, and MIPSEL architectures.
"Upon execution, the worm generates IP addresses randomly, accesses a
specific path on the machine with well-known ID and passwords, and sends
HTTP POST requests, which exploit the vulnerability," Hayashi explained.
"If the target is unpatched, it downloads the worm from a malicious server
and starts searching for its next target. Currently, the worm seems to
infect only Intel x86 systems, because the downloaded URL in the exploit
code is hard-coded to the ELF binary for Intel architectures."
The researcher went on to say the attacker behind the Intel version is
also hosting ELF files that exploit the other chip architectures.
Dean Bushmiller teaches a great 5-Day CISM in Albany NY Dec. 2 6.
Call 327-937-9786 for details.
- New Linux worm targets routers, cameras, "Internet of things" devices InfoSec News (Nov 28)