Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Tuesday, 03 December 2013 12:03

Symantec identifies Internet of Things worm

By David M Williams

Symantec has identified a new worm that can potentially infect embedded devices within your home or business network.

Symantec researchers have detected a worm which seeks susceptible online hosts and then propagates itself. That’s what a worm does, and worms are never pleasant or fun; what makes this one noteworthy is that it carries a greater risk to so-called smart devices than to computers and servers.

First, the worm – dubbed Linux.Darlloz – generates random IP addresses. It does not scan or probe a network in any meaningful way, but simply tries random attacks.

Upon choosing a target, the worm attempts to exploit a PHP vulnerability that was patched in May 2012. It will strive to invoke the following folders or executables on its target machine:

~/cgi-bin/php
~/cgi-bin/php5
~/cgi-bin/php-cgi
~/cgi-bin/php.cgi
~/cgi-bin/php4

If the attack is successful, the worm will download a new executable program, which is hard-coded to the ELF binary for Intel x86 architectures.

The worm then repeats itself, on the new device, ad infinitum.

What does this mean and who is vulnerable, you will ask. While any malicious program is a concern, it is important to be level-headed and consider the conditions required for a successful attack.

Given the vulnerability being exploited was patched 18 months ago, the probable risk to servers is low, but it is prudent for systems administrators to check immediately that their PHP modules are up to date. This is always good advice for Internet-facing equipment.

Unless there is a compelling reason not to do so, the above listed PHP targets should be blocked from receiving inbound POST requests.
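A way to check whether such requests are already reaching a server, as an added example that is not from the article or from Symantec: the script below flags POST requests to the five listed paths in a web access log. It assumes the Apache/nginx "combined" log format, and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Paths listed in the article, without the leading "~".
TARGET_PATHS = {"/cgi-bin/php", "/cgi-bin/php5", "/cgi-bin/php-cgi",
                "/cgi-bin/php.cgi", "/cgi-bin/php4"}

# Assumption: Apache/nginx "combined" access-log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_probes(lines):
    """Return (hits, per_ip) for POST requests aimed at the listed paths."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or not a POST
        # Compare only the path, so a query string cannot hide a match.
        path = urlsplit(m["target"]).path.rstrip("/")
        if path in TARGET_PATHS:
            hits.append((m["ip"], path, int(m["status"])))
            per_ip[m["ip"]] += 1
    return hits, per_ip

def answered(hits):
    """Hits the server did not reject (status below 400): review these first."""
    return [h for h in hits if h[2] < 400]

# Constructed sample lines using documentation-range addresses, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Dec/2013:10:01:02 +0000] "POST /cgi-bin/php?x=1 HTTP/1.1" 404 210 "-" "-"',
    '203.0.113.7 - - [03/Dec/2013:10:01:03 +0000] "POST /cgi-bin/php5 HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.23 - - [03/Dec/2013:10:05:40 +0000] "POST /cgi-bin/php-cgi HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [03/Dec/2013:10:06:11 +0000] "GET /cgi-bin/php4 HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.10 - - [03/Dec/2013:10:06:30 +0000] "POST /contact.php HTTP/1.1" 200 1024 "-" "-"',
    'this line is not in combined log format',
]

if __name__ == "__main__":
    hits, per_ip = find_probes(SAMPLE_LOG)
    print("probes per source:", dict(per_ip))
    print("not rejected by the server:", answered(hits))
```

A hit with a 4xx status means the path was refused or does not exist; a hit that was answered normally means the path is live and the host's PHP version should be checked.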

Next, if your server is not running PHP, or is not running Linux on an Intel x86 platform, then the worm cannot infect it. The exploit attempts may be annoying in the sense of wasteful traffic, but there is no risk of infection. Given most servers – at least for business – would be 64-bit (whether Intel or not), the number of viable targets for the worm would appear very low.

This brings us to the so-called “Internet of things”. This is where Symantec sees the risk. After all, if your server is 64-bit, is not Intel, or is patched, then it is not a target.

Yet, if your BluRay player, your smart TV, your router, or another so-called “smart” device is exposed to the Internet then it may be a target. Linux is a popular operating system choice for embedded devices because it is a freely available and highly configurable platform, with lean memory requirements and a rich repository of networking and media code.

What operating system do the smart devices in your home run? When was the last time you updated their firmware? Chances are you do not know or do not recall. Here is where the risk comes in – except, again, the worm targets Intel x86 processors. It is more likely these devices will be running an ARM or PPC or MIPS architecture, designed for low power consumption.

Still, the risk exists. Knowing of the problem is the first step, and knowing where to focus your efforts is the next.

Our recommendation is to identify and record the network-connected non-computer devices in your home – routers, switches, TVs, TiVos, PVRs, printers, BluRay players and others. Attempt to determine the operating system they run and their processor architecture. Visit vendor web sites to determine if these devices have embedded web servers (if you can browse to the device by its IP address and a web page comes up then they do) and to obtain any firmware upgrades that may have been released.

Of course, ensure your traditional computing devices are current with patches too.

This is by no means the first Linux worm, and most certainly it will not be the last. It is notable, however, for the risk it potentially poses to devices that most people would not ordinarily think about when considering “computer security”. By understanding the specific conditions that must be met before infection can occur, it is possible to keep a calm and level head and to take action which will ensure you remain protected.


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.
