IoT Beware: Worm Hitting Devices

Thursday, March 20, 2014 @ 12:03 PM gHale


The Internet of Things (IoT) has such great potential, but security needs to be an overriding concern.

Just take a look at the latest worm hitting the cyber world. This new version of the Darlloz Linux worm targets Internet-enabled devices such as home routers and security cameras, computers running Intel x86 architectures and all things IoT, researchers said.

First eyed in November, the worm was not very active, but now over 31,000 devices have been infected, said researchers at Symantec.

“The author of the worm continuously updates the code and adds new features, particularly focusing on making money,” the researchers said in a blog post.

The current purpose of the worm is to mine cryptocurrencies such as Mincoin and Dogecoin. “Mincoin and Dogecoin use the scrypt algorithm, which can still mine successfully on home PCs whereas Bitcoin requires custom ASIC chips to be profitable,” the researchers said.

To do this, the worm installs open source coin mining software on the compromised computer. IoT devices are not used for mining because they lack the required memory and CPU power.

As in the previous version, Darlloz prevents other malware from installing on the computer or device it has infected. It also creates a new firewall route that blocks attackers from entering the system via previously established backdoors.

The currently detected infections are split between Intel-based computers and Linux servers on one side, and Internet of Things (IoT) devices such as routers, printers, and so on on the other.

The worm affects 139 regions, but over 50 percent of the infections have been located in China, the US, India, Taiwan and South Korea.

Researchers advise keeping software on computers and firmware on IoT devices patched and updated, changing the default passwords on the latter devices, and blocking connections on port 23 or 80 from outside if they are not required.
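One way to check the last recommendation on a Linux-based router or gateway, as an added example that is not from the article or from Symantec: audit an `iptables-save` dump for whether a new inbound TCP connection to port 23 or 80 on the Internet-facing interface would be accepted. The interface names, the sample ruleset and the function names are assumptions, and only `-i`, `-p`, `--dport`, `--ctstate` and `-j` on the INPUT chain are evaluated.

```python
import shlex

# Constructed sample in iptables-save format; eth0 is assumed to be the
# Internet-facing interface and br0 the LAN bridge (not from the article).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j DROP
-A INPUT -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""
OPTS = {"-i": "in_if", "-p": "proto", "--dport": "dport", "--ctstate": "ctstate", "-j": "target"}

def parse_rule(line):
    """Keep only the options this audit evaluates from one '-A INPUT' line."""
    tok = shlex.split(line)
    return {OPTS[t]: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in OPTS}

def matches(rule, wan_if, port):
    """Would a new inbound TCP connection to `port` on `wan_if` hit this rule?"""
    if rule.get("in_if", wan_if) != wan_if:
        return False
    if rule.get("proto", "tcp") not in ("tcp", "all"):
        return False
    if "ctstate" in rule and "NEW" not in rule["ctstate"].split(","):
        return False
    lo, _, hi = rule.get("dport", str(port)).partition(":")
    return int(lo) <= port <= int(hi or lo)

def exposed_ports(rules_text, wan_if, ports=(23, 80)):
    """Return the ports that first-match evaluation of INPUT leaves reachable."""
    policy, rules = "ACCEPT", []
    for line in rules_text.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]          # chain default policy
        elif line.startswith("-A INPUT "):
            rules.append(parse_rule(line))
    exposed = []
    for port in ports:
        hits = [r["target"] for r in rules
                if r.get("target") in ("ACCEPT", "DROP", "REJECT")
                and matches(r, wan_if, port)]
        if (hits[0] if hits else policy) == "ACCEPT":
            exposed.append(port)
    return exposed

if __name__ == "__main__":
    print(exposed_ports(SAMPLE_RULES, "eth0"))
```

In the sample, telnet is explicitly dropped on the outside interface, but port 80 is only allowed on the LAN bridge and never denied on eth0, so it falls through to the chain's ACCEPT policy and is reported as exposed.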


