Linux worm discovered in "internet of things" devices
Worm could target unpatched routers, set-top boxes and security cameras.


A security researcher has found a piece of malware that appears to target the "internet of things".
Kaoru Hayashi, a security researcher at Symantec, discovered the worm, called Linux.Darlloz, which he claims is capable of attacking a range of small, internet-enabled devices in addition to traditional computers.
Hayashi said that no attacks against devices such as home routers, set-top boxes and security cameras have been found in the wild but warned that most users would not realise they were at risk as they would be unaware that their own devices ran on Linux.
The worm propagates in the wild by exploiting an old PHP vulnerability that was patched in May last year, according to the researcher's blog posting. The attacker recently created the worm based on proof of concept (PoC) code released in late October 2013.
On execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known IDs and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, the target downloads the worm from a malicious server and starts searching for its next target.
"Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures," said Hayashi.
He said that because Linux has been ported to various architectures other than Intel, there is a chance that the worm could spread to other small devices with different processors.
"The attacker is apparently trying to maximise the infection opportunity by expanding coverage to any devices running on Linux. However, we have not confirmed attacks against non-PC devices yet," he said.
Symantec has verified that the attacker already hosts some variants for other architectures including ARM, PPC, MIPS and MIPSEL on the same malicious server.
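When triaging a binary recovered from a device, the architecture it was built for can be read from the first bytes of its ELF header. The sketch below is an added example, not code from Symantec or the original article; the function names and the sample headers are constructed for illustration.

```python
import struct

# e_machine values from the ELF specification, limited to the
# architectures named in the article (plus their 64-bit relatives).
EM_NAMES = {3: "x86", 62: "x86-64", 40: "ARM", 183: "AArch64",
            20: "PPC", 21: "PPC64", 8: "MIPS"}


def elf_arch(header: bytes) -> str:
    """Return a label such as 'x86 32-bit LE' for the first bytes of a file.

    Raises ValueError if the bytes are not a plausible ELF header.
    """
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = header[4], header[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    # EI_DATA decides how every multi-byte header field is read.
    endian = "<" if ei_data == 1 else ">"
    # e_type is at offset 16 and e_machine at offset 18, both 16-bit.
    _e_type, e_machine = struct.unpack_from(endian + "HH", header, 16)
    name = EM_NAMES.get(e_machine, f"unknown(e_machine={e_machine})")
    # MIPSEL has no machine code of its own: it is EM_MIPS, little-endian.
    if name == "MIPS" and ei_data == 1:
        name = "MIPSEL"
    bits = "32-bit" if ei_class == 1 else "64-bit"
    return f"{name} {bits} {'LE' if ei_data == 1 else 'BE'}"


def make_header(ei_class: int, ei_data: int, e_machine: int) -> bytes:
    """Build a constructed 20-byte ELF header prefix for the demo."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + b"\x00" * 9
    endian = "<" if ei_data == 1 else ">"
    return ident + struct.pack(endian + "HH", 2, e_machine)  # e_type=ET_EXEC


if __name__ == "__main__":
    # Constructed samples, one per architecture the article mentions.
    for args in [(1, 1, 3), (1, 1, 40), (1, 2, 20), (1, 2, 8), (1, 1, 8)]:
        print(elf_arch(make_header(*args)))
```

On a real file, pass the first 20 bytes read in binary mode to `elf_arch`.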
The firm warned users to verify all devices connected to the network, update their software to the latest version and update their security software when it is made available on their devices.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.