Worm targets Linux PCs and embedded devices

A Symantec researcher has discovered a worm that runs on embedded Linux systems, like those found in set-top boxes and routers. The worm, called Linux.Darlloz, attacks out-of-date Linux installations running on Intel hardware (a small minority in the embedded systems world), but it would not be hard to modify it to attack embedded linuces on other chips.

"Upon execution, the worm generates IP [Internet Protocol] addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability," the Symantec researchers explained. "If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target."

"The attacker is apparently trying to maximize the infection opportunity by expanding coverage to any devices running on Linux," the Symantec researchers added. "However, we have not confirmed attacks against non-PC devices yet."

While not posing much of a real-world threat now, Darlloz demonstrates a major shortcoming with most Internet-of-things devices available today-they typically run Linux or other types of open source code that are woefully out of date. Making matters worse, many Internet-connected consumer devices can't be updated because their lightweight hardware can't handle the requirements of newer code versions. Hijacking one of these devices thus becomes much easier than exploiting, say, an up-to-date version of Windows, OS X, or Linux.

Read more -here-

• Dell confirms database hacked - hacker says 49 million customers hit
• Google releases emergency fix for new Chrome zero-day flaw
• Disney+, Hulu and Max team up for streaming bundle package
• OpenAI is reportedly working on a search feature for ChatGPT
• TikTok, ByteDance sue to block US law seeking sale or ban of app
• OpenAI partners with Stack Overflow to make models better at coding