Author's Opinion


Tuesday, 03 December 2013 12:03

Symantec identifies Internet of Things worm

By David M Williams

Symantec has identified a new worm that can potentially infect embedded devices within your home or business network.

Symantec researchers have detected a worm which seeks out susceptible online hosts and then propagates itself to them. That is what a worm does, and they are never pleasant or fun; what makes this one noteworthy is that it poses a greater risk to so-called smart devices than to conventional computers and servers.

First, the worm, dubbed Linux.Darlloz, generates random IP addresses to attack. It does not enumerate or fingerprint its targets in any meaningful way; it simply fires the same attack at each address it picks.

Upon choosing a target, the worm attempts to exploit a vulnerability in PHP's CGI binary (CVE-2012-1823) that was patched in May 2012. It sends its exploit request to each of the following paths on the target's web server:

/cgi-bin/php
/cgi-bin/php5
/cgi-bin/php-cgi
/cgi-bin/php.cgi
/cgi-bin/php4

If the attack succeeds, the worm downloads and runs a further executable on the victim. That binary is hard-coded as an ELF executable for 32-bit Intel x86 Linux.

The new copy then starts the same cycle from the freshly infected device, and so on indefinitely.

What does this mean and who is vulnerable, you will ask. While any malicious program is a concern, it is important to be level-headed and consider the conditions that must all hold for an attack to succeed.

Given the exploit targets a hole that was patched 18 months ago (the complete fix shipped in PHP 5.3.13 and 5.4.3), the probable risk to properly maintained servers is low, but it is prudent for systems administrators to confirm right away that their PHP packages are up to date. This is always good advice for Internet-facing equipment.

Unless there is a compelling reason not to, requests to the paths listed above should be blocked at the web server or firewall. Blocking only inbound POST requests is not enough: the underlying flaw is triggered by query-string arguments beginning with "-" and works just as well over GET, so deny every method to those paths, or better still, do not expose php-cgi under /cgi-bin at all.

Next, if your server is not running PHP as a CGI binary (php-cgi, the component the hole is in), or is not running Linux on an Intel x86 platform, then the worm cannot infect it. The exploit attempts may be annoying as wasteful traffic and log noise, but there is no risk of infection. Most business servers are 64-bit, which would seem to leave the worm with very few viable targets. One caveat: most 64-bit x86 Linux kernels retain 32-bit compatibility and will happily run a 32-bit ELF, so a 64-bit server that still exposes an unpatched php-cgi is not protected by its word size; patching is what protects it.
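Those exploit attempts are easy to spot in a web server's access log, and an added example of doing so follows. It is not the article's or Symantec's code; it assumes the Apache/nginx "combined" log format, and the sample log lines are constructed, with query strings that follow the publicly documented CVE-2012-1823 request pattern. The key idea is to interpret the query string the way php-cgi does, since that is exactly what the vulnerability abuses:

```python
import re
import urllib.parse
from dataclasses import dataclass, field

# The five CGI paths the worm requests, as listed in the article.
PHP_CGI_PATHS = {
    "/cgi-bin/php", "/cgi-bin/php5", "/cgi-bin/php-cgi",
    "/cgi-bin/php.cgi", "/cgi-bin/php4",
}

# Apache/nginx "combined" format: client ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


@dataclass
class Hit:
    client: str
    time: str
    method: str
    path: str
    status: int
    argv: list = field(default_factory=list)  # what php-cgi would see on its command line

    @property
    def option_injection(self) -> bool:
        return any(a.startswith("-") for a in self.argv)


def cgi_argv(query: str) -> list:
    """Mirror how php-cgi treats a query string: per RFC 3875 a query with no
    '=' is a command line, split on '+' and percent-decoded. Exploit requests
    hide '=' as %3D so the whole string is taken as arguments."""
    if not query or "=" in query:
        return []
    return [urllib.parse.unquote(tok) for tok in query.split("+") if tok]


def inspect(line: str):
    """Return a Hit for any request to one of the worm's paths, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if path not in PHP_CGI_PATHS:
        return None
    return Hit(m.group("client"), m.group("time"), m.group("method"),
               path, int(m.group("status")), cgi_argv(query))


def scan(lines):
    return [h for h in map(inspect, lines) if h is not None]


def triage(hits):
    """Hits to investigate first: option injection that the server answered
    with 200 rather than a 404, meaning php-cgi may actually have run."""
    return [h for h in hits if h.option_injection and h.status == 200]


# Constructed sample log. The first two query strings follow the public
# CVE-2012-1823 pattern, the third is its '-s' source-disclosure variant.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Dec/2013:12:03:11 +1100] "POST /cgi-bin/php?-d+allow_url_include%3Don+-d+auto_prepend_file%3Dphp://input+-n HTTP/1.0" 404 215 "-" "-"
198.51.100.7 - - [03/Dec/2013:12:03:12 +1100] "POST /cgi-bin/php-cgi?-d+allow_url_include%3Don+-d+auto_prepend_file%3Dphp://input+-n HTTP/1.0" 200 1042 "-" "-"
203.0.113.5 - - [03/Dec/2013:12:04:02 +1100] "GET /cgi-bin/php5?-s HTTP/1.1" 200 5213 "-" "Mozilla/5.0"
192.0.2.44 - - [03/Dec/2013:12:05:40 +1100] "GET /index.php?page=1 HTTP/1.1" 200 3811 "-" "Mozilla/5.0"
192.0.2.45 - - [03/Dec/2013:12:06:01 +1100] "GET /cgi-bin/php.cgi?name=bob HTTP/1.1" 200 120 "-" "curl/7.30.0"
"""

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG.splitlines())
    for h in hits:
        tag = "EXPLOIT" if h.option_injection else "probe"
        print(f"{h.time}  {h.client:<14} {h.method:<4} {h.path:<18} {h.status}  {tag}  {' '.join(h.argv)}")
    print("investigate first:", [(h.client, h.path) for h in triage(hits)])
```

Note that the last sample line hits one of the worm's paths with an ordinary query string and is reported as a plain probe, not an exploit; a 200 on an injected request is only a reason to look harder, not proof of compromise, which is why the triage step is kept separate.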

This brings us to the so-called “Internet of things”. This is where Symantec sees the risk. After all, if your server is patched, is not 32-bit Intel x86, or does not run PHP as a CGI, then it is not a target.

Yet, if your Blu-ray player, your smart TV, your router, or other so-called “smart” devices are exposed to the Internet, then they may be targets. Linux is a popular operating system for embedded devices because it is freely available and highly configurable, has lean memory requirements, and comes with a rich repository of networking and media code.

What operating system do the smart devices in your home run? When was the last time you updated their firmware? Chances are you do not know or do not recall. Here is where the risk comes in. Again, the copy seen so far targets Intel x86 processors, while these devices are more likely to run an ARM, PowerPC or MIPS architecture designed for low power consumption. That is less comforting than it sounds: Symantec also reported that the server the worm downloads from hosts variants compiled for ARM, PPC and MIPS, so the attacker clearly has those architectures in view.

Still, the risk exists; knowing of the problem is the first step, and knowing where to focus your efforts is the next.

Our recommendation is to identify and record the network-connected non-computer devices in your home: routers, switches, TVs, TiVos, PVRs, printers, Blu-ray players and others. Attempt to determine the operating system they run and their processor architecture. Check whether each has an embedded web server (if you can browse to the device by its IP address and a web page comes up, then it does), confirm that the web interface is not reachable from the Internet (look at the port-forwarding rules on your router), and visit the vendor's web site to obtain any firmware upgrades that may have been released.
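As an added example, not from the article, the following Python script does the "is there a web server, and does it expose those paths" part of that inventory. It assumes a plain HTTP interface on port 80 and requests the worm's paths with no query string, which passes no options to php-cgi and is harmless. The fake device it includes (a Boa-style banner, which is what many embedded devices report) is a constructed stand-in so the script can be run offline:

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

# The CGI paths the worm requests, per the article.
PHP_CGI_PATHS = ["/cgi-bin/php", "/cgi-bin/php5", "/cgi-bin/php-cgi",
                 "/cgi-bin/php.cgi", "/cgi-bin/php4"]


def web_server_banner(host, port=80, timeout=2.0):
    """Return the Server header of whatever answers HTTP on host:port ('' if it
    sends none), or None when nothing answers. A 401/403/404 still proves a
    web server is listening, so those count as answers."""
    req = urllib.request.Request(f"http://{host}:{port}/", method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.headers.get("Server", "").strip()
    except urllib.error.HTTPError as err:
        return err.headers.get("Server", "").strip()
    except (urllib.error.URLError, socket.timeout, OSError):
        return None


def exposed_php_cgi(host, port=80, timeout=2.0):
    """GET each worm path with no query string. Anything other than a 404
    means the path is reachable and worth a closer look. Returns (path, status) pairs."""
    found = []
    for path in PHP_CGI_PATHS:
        req = urllib.request.Request(f"http://{host}:{port}{path}", method="GET")
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                found.append((path, resp.status))
        except urllib.error.HTTPError as err:
            if err.code != 404:
                found.append((path, err.code))
        except (urllib.error.URLError, socket.timeout, OSError):
            break  # host stopped answering; do not keep hammering it
    return found


def inventory(hosts, port=80, timeout=2.0):
    """Map each host to None (no web server) or a dict of banner and reachable paths."""
    report = {}
    for host in hosts:
        banner = web_server_banner(host, port, timeout)
        report[host] = None if banner is None else {
            "server": banner,
            "php_cgi": exposed_php_cgi(host, port, timeout),
        }
    return report


class _FakeDevice(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for an embedded device: Boa-style banner and
    php-cgi reachable under /cgi-bin/php-cgi only."""
    def version_string(self):
        return "Boa/0.94.14rc21"

    def do_HEAD(self):
        self._reply()

    def do_GET(self):
        self._reply()

    def _reply(self):
        status = 200 if self.path in ("/", "/cgi-bin/php-cgi") else 404
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo output clean
        pass


def start_fake_device():
    """Start the fake device on a random loopback port; returns the server object."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _FakeDevice)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    import sys
    hosts = sys.argv[1:]          # e.g. python3 inventory.py 192.168.1.1 192.168.1.20
    port = 80
    fake = None
    if not hosts:                 # no hosts given: demonstrate against the fake device
        fake = start_fake_device()
        hosts, port = ["127.0.0.1"], fake.server_address[1]
    for host, info in inventory(hosts, port).items():
        if info is None:
            print(f"{host}: no web server on port {port}")
        else:
            print(f"{host}: Server={info['server'] or '(unnamed)'} php-cgi paths={info['php_cgi'] or 'none'}")
    if fake:
        fake.shutdown()
```

Run it with your devices' addresses as arguments, and only against equipment you own. The Server banner (Boa, mini_httpd, lighttpd and the like) is usually the strongest hint you will get that a device is embedded Linux; the processor architecture still has to come from the vendor's documentation. A device that answers on one of the worm's paths is not necessarily vulnerable, but it is the one whose firmware you check first.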

Of course, ensure your traditional computing devices are also current with patches too.

This is by no means the first Linux worm, and most certainly it will not be the last. It is notable, however, for the risk it potentially poses to devices that most people would not ordinarily think about when considering “computer security”. By understanding the specific conditions that must be met before infection can occur, it is possible to keep a calm and level head and to take action which will ensure you remain protected.


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.
