[Symantec] reports that Hajime seems to be a white hat worm that spreads over telnet in order to secure IoT devices rather than doing anything malicious.
[Brian Benchoff] wrote a great article about the Hajime Worm just as the story broke when it was first discovered back in October last year. At the time, it looked like the beginnings of a malicious IoT botnet out to cause some DDoS trouble. In a crazy turn of events, it now seems that the worm is actually securing devices affected by another major IoT botnet, dubbed Mirai, which has been launching DDoS attacks. More recently a new Mirai variant has been launching application-layer attacks, after its source code was uploaded to a GitHub account and adapted.
Hajime is a much more complex botnet than Mirai: it is controlled peer-to-peer, propagating commands through the infected devices themselves, whereas Mirai uses hard-coded addresses for its command and control. Hajime can also cloak itself better, managing to hide itself from the list of running processes and to hide its files on the device.
The author can open a shell script to any infected machine in the network at any time, and the code is modular, so new capabilities can be added on the fly. It is apparent from the code that a fair amount of development time went into designing this worm.
So where is this all going? So far this is beginning to look like a cyber battle of Good vs Evil. Or it’s a turf war between rival cyber-mafias. Only time will tell.
I found it hard to focus on this article. All I could think of was how nice it would be to have gummy worms right now
I concur.
There is no hat.
People “secure” devices as they infect usually for sole control of the bot net.
The lack of payload does not make them morally enlightened.
Most of the time people who identify as “Security experts” are just uncreative sociopaths looking for adoration by the naive.
Maybe auto-install BSD over Windows 10 as a forced update would eliminate most issues.
There’s a one-line fix for that: s/"?[Ss]ecurity [Ee]xperts"?/DISGUISED HACKERS \(probably malicious\)/
It even works with capital letters, though it can’t tell if said security experts are actually malicious.
Considering this worm doesn’t target windows devices, it would probably not eliminate this issue.
According to the BSD trolls, Windows is always the problem and BSD always the solution.
yeah, a backdoor that can be used with good intentions? /s
LOL, saw this article’s news over at N-O-D-E.net just yesterday, Dead-drop 15.
Presumably someone with good intentions…. Still interesting to see how this pans out.
WTF, comment embedded itself in another? I thought I refreshed the page due to decision change (CTRL+T CTRL+W level page refresh!)
You been hax0red?
Yeh, I hax0r’d myself by closing the new tab and CTRL+L, CTRL+V, RTN-ing the already loaded tab; the browser just kept stale data, LOL. I was supposed to paste in the new tab.
Not as bad as my brother:
Back at the end of the XP era (the extended era, not the current POSReady era) I had set a few things tighter in my firewall settings, and some tweaks. My brother uses some downloaded Metasploit-like package for Windows on his laptop. He tried to send a remotely requested shutdown to my laptop… however, I had already long beforehand found out how to configure an echo-back setting of some kind on all things blocked, something like that as far as I can remember about XP’s firewall settings. Needless to say the request was echoed back to his PC and his PC shut itself down.
“Hajime” means “beginning” in Japanese… So is this the beginning of a series of “good” viruses? Does the Hajime worm have Japanese origin?
Not necessarily. The name might have been chosen to contrast with Mirai (future). I mean, naming it Kako (past) is weird.
“Kako” assumes the meaning of “I poop” in some languages…
Or is it the “beginning” of some evil plot to come?
The “beginning” of the “future”
I just ordered 1kg of gummy worms.
Sugar free!
I understood that reference!
Hopefully not by personal experience! XD
What morons are putting their IoT directly on an internet connection? Firewall and router. If you can’t do that then you deserve to be hacked.
No-one “deserves” to be hacked.
You don’t have to be a moron to buy an internet router with a firewall built in, change the password like your computer-savvy brother-in-law told you, then buy a webcam and hook it up in your house. You didn’t change the password on that because it is behind the firewall. Makes perfect sense until you learn about UPnP, which happens to be enabled by default on a large number of routers and cameras.
we need a worm virus that moves all windows user documents to a separate folder, wipes windows, then installs linux mint :). if it happens to enough computers people may actually have secure computers
I used to love Linux Mint until it updated to Gnome 3 overnight, completely broke the user experience. Point Linux has been fantastic though
This is not white hat. It’s done without consent/knowledge.
you mean Micro$oft?
Future versions of this botnet will show “This device is insecure. Do you want it to self-destruct?” in the configuration page, with a big “YES” button and a small text saying “Not clicking YES in 60 seconds will automatically brick the device and overheat the CPU”. So it will be done with both consent and knowledge.
White hat in the sense of morals, then yes. White hat as defined in profession? No. White Hat and Black hat in those terms requires money, and this would then be termed Grey Hat.
God damn, I wish it were destructive and not some Cloak&daggerware.cia.nsa.gng.cnnn.fnf. The description sounds like a bought and paid for heavy hitters’ tool.
It ain’t no friendly spiderman.
The devices need to be configured to DoS the people who sold it (eternally) and then be secured so the changes cannot be undone. This is the only way they will learn to secure their devices.
Sad thing is that DoS-ing someone hurts the middlemen more. There is no protection from crap of this magnitude generated by IoT gear, so even if the proposed stream hits the intended target, the collateral would be way too much. It could potentially wipe out their ISP too, and all its customers.
Still illegal in the eyes of the law.
And I’m not sure I don’t agree.