Linux.Darlloz Worm-Targets Internet of Things

Internet of Things (IoT) and other Linux embedded system are the highly vulnerable things of Linux.Darlloz and this is a core function of Linux.Darlloz.  Linux.Darlloz, as the worm has been dubbed, is now classified as a low-level threat, partly because its current version targets only devices that run on CPUs made by Intel, Symantec.

It stipulates that this worm infect different devices at different point of time, so it’s almost like the new threat. With the help of this, we will talk more about Linux.Darlloz.

What is Linux.Darlloz and when it was discovered? 

Linux.Darlloz is a worm that was found in 2013 by Symantec. Linux worm is a complete box that targets the vulnerabilities of Linux embedded systems and IoT. There is a lot more about the Linux worms and they can spread via different malicious sources.   

Most people have probably never come across the Linux worm, but it affects the business world on large scale and is widely used to run on Web servers and mainframes for example. The worm, Linux.Darlloz, initially appeared to be nothing of the ordinary. It utilizes an old vulnerability in scripting language PHP to gain access to a computer; attempt to gain administrative access by trying a series of commonly-used usernames and passwords and propagates itself by searching for other computers. The worm leaves the back door on the infected computer, allowing the attacker to issue commands to it.

The other interesting thing that this worm does is scan for instances of another Linux worm, known as Linux.Aidra. If it finds any files associated with this threat, it attempts to delete them. This worm also makes an attempt to block the communication port used by Linux.Aidra. The attacker behind the Linux.Darlloz knows that the kinds of devices infected by Linux.Aidra has limited memory and processing power and does not want to share them with any other piece of malware.

Linux.Darlloz Worm Targets IoT 

As we already told you that Linux.Darlloz worm targets the Internet of things (IoT). This worm is able to attack internet-based devices in addition to traditional computers. There is variant exists for chop architectures usually found in devices such as home routers, set-top boxes, and security cameras. Although, till now no attacks have been discovered against these devices. Still, a number of users may not realize that they are at risk since they are unaware they own devices that run Linux.

The worm Linux.Darlloz exploits a PHP vulnerability to propagate itself in the wild. The worm utilizes the PHP information disclosure vulnerability, which is an old vulnerability that was patched in May 2012. Criminals recently created the worm based on the proof of concept (POF) code released in later October 2013.

Linux worm first generates IP addresses randomly, accesses a specific path on the machine with well-known IDs and passwords, and also sends HTTP POST requests which exploit the vulnerability. If the target is unpatched, it will start downloading the worm from a malicious server and starts searching for its next target. At the current time, as we told you that the worm seems to infect only Intel x86 systems because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.

Linux is known as an open-source operating system and has been ported to various architectures. Remember that Linux is not only running on Intel-based computers, infect it also runs on small devices with different CPUs, like home routers, set-top boxes, security cameras, and even industrial control systems. Note that some of the devices also provide a web-based user interface for settings or monitoring such as Apache Web Servers and PHP servers.

Troubleshooting Linux.Darlloz

Troubleshooting Linux worm isn’t a game, you need to be aware to protect your company. Before you think to remove it, we recommend you take measures that prevent your company from being attacked. Still, if have already got infected with Linux.Darlloz, you can use Waredot Ultimate protection. 

Waredot Ultimate comes with the amalgamation of Waredot Antivirus and Waredot Total Protection with highly advanced protection. This amalgamation proves it best for virus and malware protection because here you will get one package-two tool and unlimited benefits with advanced security protection. 

You can take a 30-day free trial and then if you do like to use it ahead, it’s pretty simple to buy Waredot Ultimate for ultimate protection.

Summary 

Hey guys! This was the guide about “Linux.Darlloz Worm-Targets Internet of Things.” Although, Linux's new version also targets PHP, and at the current time it is said that Linux is only targeting Intel x86. If you’re unaware of Linux, then you’re more vulnerable to Linux. 

Hope you find this article helpful and informative. If you’ve any queries regarding this article, please let us know in the comment section. We would be glad to answer you!