[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] New Linux worm targets routers, cameras, "Internet of things" devices
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2013-11-28 9:34:19
Message-ID: alpine.DEB.2.02.1311280933580.5844 () infosecnews ! org
[Download RAW message or body]

http://arstechnica.com/security/2013/11/new-linux-worm-targets-routers-cameras-internet-of-things-devices/

By Dan Goodin
Ars Technica
Nov 27 2013

Researchers have discovered a Linux worm capable of infecting a wide range 
of home routers, set-top boxes, security cameras, and other consumer 
devices that are increasingly equipped with an Internet connection.

Linux.Darlloz, as the worm has been dubbed, is now classified as a 
low-level threat, partly because its current version targets only devices 
that run on CPUs made by Intel, Symantec researcher Kaoru Hayashi wrote in 
a blog post published Wednesday. But with a minor modification, the 
malware could begin using variants that incorporate already available 
executable and linkable format (ELF) files that infect a much wider range 
of "Internet-of-things" devices, including those that run chips made by 
ARM and those that use the PPC, MIPS, and MIPSEL architectures.

"Upon execution, the worm generates IP addresses randomly, accesses a 
specific path on the machine with well-known ID and passwords, and sends 
HTTP POST requests, which exploit the vulnerability," Hayashi explained. 
"If the target is unpatched, it downloads the worm from a malicious server 
and starts searching for its next target. Currently, the worm seems to 
infect only Intel x86 systems, because the downloaded URL in the exploit 
code is hard-coded to the ELF binary for Intel architectures."

The researcher went on to say the attacker behind the Intel version is 
also hosting ELF files that exploit the other chip architectures.

[...]



--
Dean Bushmiller teaches a great 5-Day CISM in Albany NY Dec. 2  6.
Call 327-937-9786 for details.
[prev in list] [next in list] [prev in thread] [next in thread]