Linux worm Darlloz targets Intel architecture to mine digital currency


Number: IRCNE2014032140
Date: 2014-03-28

According to “zdnet”, a Linux worm variant found in the wild targets routers, set-top boxes, and now PCs in order to mine for cryptocurrency.
According to research firm Symantec, a new Internet of Things (IoT) worm was discovered last November. Dubbed Linux.Darlloz, the worm targets computers running Intel x86 architectures, as well as devices running the ARM, MIPS and PowerPC architectures, such as routers and set-top boxes.
The worm comes preloaded with usernames and passwords in order to crack into such systems. A new variation has now been found, which continuously updates and is now making money through the mining of cryptocurrency.
Kaoru Hayashi, a senior development manager and threat analyst with Symantec, wrote that the new version focuses on finding Intel architecture PCs in order to install "cpuminer," an open-source mining program.
In Symantec's last scan, researchers found that 31,000 devices have been infected with the worm, with half of the infections based in India, China, South Korea, Taiwan, and the United States.
It is believed that the hackers capitalize on a backdoor in several router types, which can be exploited to gain remote access. However, the backdoor also represents a threat to Darlloz if more malware is installed through it, so the author implemented a feature to block the backdoor port by "creating a new firewall rule on infected devices to ensure that no other attackers can get in through the same back door."
In total, 31,716 identified IP addresses were infected. 43 percent of Darlloz infections compromised Intel-based computers or servers running on Linux, and 38 percent of Darlloz infections have affected a variety of IoT devices.
Symantec suggests applying security patches to all software installed on PCs or IoT devices and changing passwords from their default settings. In addition, to further improve security, blocking connections on ports 23 and 80 is recommended.
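One way to check a Linux host against the port recommendation above, as an added example that is not from Symantec or the original advisory: it parses `/proc/net/tcp`-format text and reports listening sockets on ports 23 and 80 that are bound beyond loopback. The function names are hypothetical, the sample table is constructed, and only IPv4 (`/proc/net/tcp`, not `tcp6`) is assumed.

```python
import ipaddress
import sys

LISTEN = "0A"              # TCP_LISTEN state code used in /proc/net/tcp
WATCHED_PORTS = (23, 80)   # ports the advisory recommends blocking

# Constructed sample in /proc/net/tcp layout (little-endian host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A01A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A01A8C0:0016 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""


def decode_ipv4(hex_addr, byteorder=sys.byteorder):
    """Decode the 8-hex-digit address column into an IPv4Address.

    The kernel prints the network-order address as a host integer, so the
    hex digits appear byte-reversed on little-endian machines (x86, most ARM)
    and in normal order on big-endian ones (many MIPS and PowerPC devices).
    """
    raw = bytes.fromhex(hex_addr)
    if byteorder == "little":
        raw = raw[::-1]
    return ipaddress.IPv4Address(raw)


def exposed_listeners(table, ports=WATCHED_PORTS, byteorder=sys.byteorder):
    """Return (address, port) pairs listening on watched ports off-loopback."""
    findings = []
    for line in table.splitlines():
        fields = line.split()
        # Data rows start with "N:"; this skips the header and blank lines.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if fields[3] != LISTEN:
            continue  # established or closing sockets are not listeners
        hex_addr, hex_port = fields[1].split(":")
        port = int(hex_port, 16)
        addr = decode_ipv4(hex_addr, byteorder)
        if port in ports and not addr.is_loopback:
            findings.append((str(addr), port))
    return findings


if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE, byteorder="little"):
        print(f"listener on {addr}:{port} - disable the service or firewall the port")
```

On a real host, pass the contents of `/proc/net/tcp` instead of `SAMPLE` and leave `byteorder` at its default.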