Feeds

Weird PHP-poking Linux worm slithers into home routers, Internet of Things

Targets x86 but ARM, MIPS, PPC mutants lurking, we're told

Protecting against web application threats using SSL

Symantec has stumbled across a worm that exploits various vulnerabilities in PHP to infect Intel x86-powered Linux devices. The security biz says the malware threatens to compromise home broadband routers and similar equipment.

However, home internet kit with x86 chips are few and far between – most network-connected embedded devices are powered by ARM or MIPS processors – so the threat seems almost non-existent.

But the security company claims that ARM and MIPS flavours of the Linux worm may be available, which could compromise broadband routers, TV set-top boxes, and similar gadgets now referred to as the "Internet of Things".

The software nasty attempts to use username and password pairs commonly used to log into home internet gear while compromising a device.

Specifically, the software nasty Linux.Darlloz takes advantage of web servers running PHP that can't grok query strings safely, allowing an attacker to execute arbitrary commands.

Once a system is infected, the worm scans the network for other systems running a web server and PHP. It then tries to compromise those devices by exploiting PHP to download and run an ELF x86 binary – if necessary, logging in with trivial username-password pairs such as admin-admin, as found in poorly secured broadband routers and similar kit. Once running on the newly infiltrated gadget, the worm kills off access to any telnet services running.

The malware does not appear to perform any malicious activity other than silently spreading itself and wiping a load of system files. Again, this software is built for x86 processors, which aren't really used widely in embedded kit, but ARM, PPC and MIPS versions may be available to download that will be more effective at targeting equipment present in millions of homes.

"Many users may not be aware that they are using vulnerable devices in their homes or offices," Symantec's Kaoru Hayashi wrote in a report about the malicious code.

"Another issue we could face is that even if users notice vulnerable devices, no updates have been provided to some products by the vendor, because of outdated technology or hardware limitations, such as not having enough memory or a CPU that is too slow to support new versions of the software."

To protect devices from attack, the company recommends users and administrators put basic security protections in place, such as changing device passwords from default settings, updating software and firmware on their devices, and monitoring network connections and architecture.

You can find more technical details here on Symantec's blog. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.