Feeds

Weird PHP-poking Linux worm slithers into home routers, Internet of Things

Targets x86 but ARM, MIPS, PPC mutants lurking, we're told

Build a business case: developing custom apps

Symantec has stumbled across a worm that exploits various vulnerabilities in PHP to infect Intel x86-powered Linux devices. The security biz says the malware threatens to compromise home broadband routers and similar equipment.

However, home internet kit with x86 chips are few and far between – most network-connected embedded devices are powered by ARM or MIPS processors – so the threat seems almost non-existent.

But the security company claims that ARM and MIPS flavours of the Linux worm may be available, which could compromise broadband routers, TV set-top boxes, and similar gadgets now referred to as the "Internet of Things".

The software nasty attempts to use username and password pairs commonly used to log into home internet gear while compromising a device.

Specifically, the software nasty Linux.Darlloz takes advantage of web servers running PHP that can't grok query strings safely, allowing an attacker to execute arbitrary commands.

Once a system is infected, the worm scans the network for other systems running a web server and PHP. It then tries to compromise those devices by exploiting PHP to download and run an ELF x86 binary – if necessary, logging in with trivial username-password pairs such as admin-admin, as found in poorly secured broadband routers and similar kit. Once running on the newly infiltrated gadget, the worm kills off access to any telnet services running.

The malware does not appear to perform any malicious activity other than silently spreading itself and wiping a load of system files. Again, this software is built for x86 processors, which aren't really used widely in embedded kit, but ARM, PPC and MIPS versions may be available to download that will be more effective at targeting equipment present in millions of homes.

"Many users may not be aware that they are using vulnerable devices in their homes or offices," Symantec's Kaoru Hayashi wrote in a report about the malicious code.

"Another issue we could face is that even if users notice vulnerable devices, no updates have been provided to some products by the vendor, because of outdated technology or hardware limitations, such as not having enough memory or a CPU that is too slow to support new versions of the software."

To protect devices from attack, the company recommends users and administrators put basic security protections in place, such as changing device passwords from default settings, updating software and firmware on their devices, and monitoring network connections and architecture.

You can find more technical details here on Symantec's blog. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?