Linux Worm Targeting Internet Of Things Discovered

The Internet of Things was always set to be a trend that would interest hackers and today researchers have described a piece of Linux malware that appears to be targeting machine-to-machine devices.

The Darlloz worm was seen using an old PHP vulnerability to spread, according to Symantec. Although the fix was issued in March 2012, it’s unclear how well patched machine-to-machine systems are. A Proof of Concept (PoC) exploit which the attacker appears to be using was publicised in late October.

Internet of Vulnerabilities

“The worm is capable of attacking a range of small, Internet-enabled devices in addition to traditional computers,” Symantec said in a blog post. “Variants exist for chip architectures usually found in devices such as home routers, set-top boxes and security cameras.”

No attacks have been reported in the wild, but given the niche area the Linux worm is operating in, many may simply not know they have been infected.

Linux is the operating system of choice on many automated, connected devices, from routers to industrial control systems, many of which also use interfaces delivered via Apache Web servers and PHP servers. Intel x86 systems appear to be the main target of Darlloz.

But the attacker is also sitting on variants for other architectures including ARM, PPC, MIPS and MIPSEL. That would indicate the attacker is highly interested in the Internet of Things.

“Vendors of devices with hidden operating systems and software, who have configured their products without asking users, have complicated matters. Many users may not be aware that they are using vulnerable devices in their homes or offices,” Symantec added.

“Another issue we could face is that even if users notice vulnerable devices, no updates have been provided to some products by the vendor, because of outdated technology or hardware limitations, such as not having enough memory or a CPU that is too slow to support new versions of the software.”

The security giant recently said it believes 2014 will be the year the Internet of Things becomes the Internet of Vulnerabilities. Many have concerns around the drive to connect everything and its impact on privacy.

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • Very simple , why do you need to connect things to the internet? I mean really? A toaster? A fridge? A garage? I don't care. These are not utilities that we need.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

7 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

8 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

9 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

10 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

13 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

13 hours ago