Symantec Discovers Darlloz a Linux Based Worm

Symantec the security company has just found one fresh Linux-based worm that researchers have named Darlloz. This malware infects computers as well as potentially other devices linked up with the Internet, particularly security cameras, set-top boxes, routers as well as industrial control servers which have Linux operating system.

Security researchers found that the worm disseminated via abusing one PHP security flaw for which a patch was issued during May 2012. For creating Darlloz, the malware author resorted to a proof-of-concept that became public during October 2013.

As accords to Kaoru Hayashi, Researcher with Symantec, Darlloz has been categorized as one low-risked malware, the reason somewhat being that its present variant attacks solely devices which are connected to CPUs that Intel has designed. Arstechnica.com published this dated November 28, 2013.

However, if the malware is slightly modified, it may start utilizing versions, which include in them existing ELF (executable and linkable format) files, which contaminate even more Internet-based systems, like those which run chips major companies beside Intel have made.

Hayashi explains that when the worm becomes active on any infected device, it produces random Internet Protocol (IP) addresses; acquires particular path using popular ID as well as passwords on that device; along with transmitting HTTP POST queries that piggy-back on the flaw. For any target system that isn't patched, the system downloads the malware after which the latter begins hunting subsequent targets, the researcher adds. Computerworld.com published this dated November 27, 2013.

Symantec researchers stated that many end-users mightn't know they were utilizing attack-prone devices both at work places and homes. Still one more problem potentially encountered was that despite end-users being wary of attack-prone systems, security vendors hadn't really supplied updates for certain products, possibly due to hardware constraints else obsolete technology like constraints of sufficient memory else an excessively slow CPU that didn't support fresh editions of the applications.

Therefore, for remaining safe from Darlloz, Symantec advises end-users towards checking every device online; making software up-to-date; making security software up-to-date as it's deployed on their systems; strengthen system passwords; and eventually block inbound HTTP POST queries that follow certain specific paths.

» SPAMfighter News - 12/6/2013