Developer Pulls Anti-Mirai IoT Worm After Backlash

A software engineer has published the source code for an experimental “anti-worm” intended as a possible remedy for insecure connected devices, such as those that helped power a widely disruptive denial-of-service attack earlier this month.

Leo Linsky based his “anti-worm worm (or nematode)” on the source code of Mirai (Japanese for “future”), a botnet control system whose developer recently made it public.

IoT issue

Security researchers have warned for years of the dangers posed by connected gadgets such as set-top boxes and webcams, but the issue reached a new level of public attention earlier this month following an attack on DNS service provider Dyn.

The massive distributed denial-of-service attack, which temporarily cut off access to sites such as Amazon, Twitter, Reddit and Spotify, was in part fuelled by a Mirai botnet drawing on thousands of such devices.

The devices in question were easily hacked because they were configured using default access credentials, meaning anyone who knew the default settings could log in and take control.

The problem is difficult to address, since billions of such devices are already in use, often by individuals with little awareness of online security issues.

Linsky said the code was intended as a proof-of-concept to show that a worm could be one way of approaching the problem.

Proof of concept

“The idea is to show that devices can be patched by a worm that deletes itself after changing the password to something device-specific or random,” he wrote on the project’s page on the GitHub code repository. “Such a tool could theoretically be used to reduce the attack surface.”

However, he warned that the code was intended only to be “tested in closed research environments” and should be used at developers’ “own risk”, and quickly pulled the code following criticism from security experts.

As of Tuesday morning the code was no longer available on Linsky’s GitHub page. Linsky did not immediately respond to a request for comment.

Technical challenges

Commenters on discussion boards noted that deploying such a worm would violate computer security laws in a number of countries, including those of the UK.

A security researcher said that legal issues aside, the use of such an automated tool is impractical as its actions are outside the user’s control.

“Anyone releasing the ‘anti-worm worm’ has no control over how it would spread, or the resources it might gobble up as it scours the Internet looking for more vulnerable devices to patch,” said researcher Graham Cluley in a blog post.

It would be difficult for such a program to distinguish legitimate targets from critical systems that shouldn’t be tampered with or honeypots set up by researchers to attract malware, while hackers might also use the worm’s code to develop their own malicious tools, he said.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.