Developer Pulls Anti-Mirai IoT Worm After Backlash

A software engineer has published the source code for an experimental “anti-worm” intended as a possible remedy for insecure connected devices, such as those that helped power a widely disruptive denial-of-service attack earlier this month.

Leo Linsky based his “anti-worm worm (or nematode)” on the source code of Mirai (Japanese for “future”), a botnet control system whose developer recently made it public.

IoT issue

Security researchers have warned for years of the dangers posed by connected gadgets such as set-top boxes and webcams, but the issue reached a new level of public attention earlier this month following an attack on DNS service provider Dyn.

The massive distributed denial-of-service attack, which temporarily cut off access to sites such as Amazon, Twitter, Reddit and Spotify, was in part fuelled by a Mirai botnet drawing on thousands of such devices.

The devices in question were easily hacked because they were configured using default access credentials, meaning anyone who knew the default settings could log in and take control.

The problem is difficult to address, since billions of such devices are already in use, often by individuals with little awareness of online security issues.

Linsky said the code was intended as a proof-of-concept to show that a worm could be one way of approaching the problem.

Proof of concept

“The idea is to show that devices can be patched by a worm that deletes itself after changing the password to something device-specific or random,” he wrote on the project’s page on the GitHub code repository. “Such a tool could theoretically be used to reduce the attack surface.”

However, he warned that the code was intended only to be “tested in closed research environments” and should be used at developers’ “own risk”, and quickly pulled the code following criticism from security experts.

As of Tuesday morning the code was no longer available on Linsky’s GitHub page. Linsky did not immediately respond to a request for comment.

Technical challenges

Discussion boards commenting on the code noted that deploying such a worm would go against computer security laws in a number of countries, including those of the UK.

A security researcher said that, legal issues aside, the use of such an automated tool is impractical as its actions are outside the user’s control.

“Anyone releasing the ‘anti-worm worm’ has no control over how it would spread, or the resources it might gobble up as it scours the Internet looking for more vulnerable devices to patch,” said researcher Graham Cluley in a blog post.

It would be difficult for such a program to distinguish legitimate targets from critical systems that shouldn’t be tampered with or honeypots set up by researchers to attract malware, while hackers might also use the worm’s code to develop their own malicious tools, he said.


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
