Google Play icon

Update: Symantec discovers Linux.Darlloz worm targetting embedded systems

Posted December 3, 2013

Kauro Hayashi of Symantec announced the discovery of a malicious worm, named Linux.Darlloz, infecting Linux powered embedded systems. The worm seems to be targeted at the ‘Internet of things’, basically, any device capable of obtaining an IP address and connecting to the Internet. Common examples include home routers, security cameras and set-top boxes. Linux is widely used in such devices.

The worm exploits a vulnerability in PHP which was patched more than one and half years back, in May 2012. This worm currently targets the x86 architecture. However, variants for  ARM, PPC, MIPS and MIPSEL have been found on the server hosting this worm. As can be inferred, an opportunity presents itself to the worm to propagate and infect a huge number of devices.

As per the post, the worm propagates by finding out devices which use familiar login credentials. For e.g. many routers are set up with default login and password which use common keywords. Once the worm is able to successfully hack into a system, it downloads itself into the device, generates random IP addresses to find the next victim. Currently, the worm seems only to propagate and has not known to perform any other malicious action.

Symantec recommends the following actions to protect a system from attack –

  1.  Verify all devices connected to the network
  2. Update their software to the latest version
  3. Update their security software when it is made available on their devices
  4. Make device passwords stronger
  5. Block incoming HTTP POST requests to the following paths at the gateway or on each device if not required:
    • /cgi-bin/php
    • -/cgi-bin/php5
    • -/cgi-bin/php-cgi
    • -/cgi-bin/php.cgi
    • -/cgi-bin/php4

What complicates matters is that users may not even know that they are at risk as vendors of routers or set-top boxes are extremely lazy to keep such devices updated.

Source: Muktware

Featured news from related categories:

Technology Org App
Google Play icon
87,043 science & technology articles

Most Popular Articles

  1. You Might Not Need a Hybrid Car If This Invention Works (January 11, 2020)
  2. Toyota Raize a new cool compact SUV that we will not see in this part of the world (November 24, 2019)
  3. An 18 carat gold nugget made of plastic (January 13, 2020)
  4. Human body temperature has decreased in United States, study finds (January 10, 2020)
  5. Donkeys actually prefer living in hot climate zones (January 6, 2020)

Follow us

Facebook   Twitter   Pinterest   Tumblr   RSS   Newsletter via Email