Rapidity Networks researchers discovered a new internet of things worm they called Hajime, which they captured...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
in honeypots set up to study the Mirai malware. Hajime malware has some similarities to Mirai, such as the ability to scan the internet for devices running the Telnet service. How does the Hajime malware spread, and how is it different than the Mirai botnet?
Most types of malware have similarities, but implementation details may differ widely. If different types of malware have similar targets, then it is likely there will be more similarities in the malware.
Internet of things (IoT) devices may be very diverse in functionality, but the IT aspects are very similar because people want to be able to control or access the devices from their smartphones and computers, and for many reasons. These IT aspects are a huge component of the security challenge, as using insecure shared libraries and software development environments can result in many of the same security vulnerabilities, such as default accounts with weak passwords.
The Rapidity Networks Security Research Group speculated the Hajime malware would be used like the Mirai botnet in distributed denial-of-service attacks, but only the first two stages of the attack were observed.
Hajime identifies systems to infect by scanning the internet for systems running Telnet on Port 23 TCP, and then tries to log in with default accounts and passwords. Once logged in, the worm inspects the local system to determine what malware to upload in order to take control of the device. Once Hajime malware takes control of the system, it uses a peer-to-peer connection for the command-and-control infrastructure.
Hajime malware and the Mirai worm have very similar attack patterns, but the Hajime scanning logic appears to be taken from qBot.
Rapidity Network researchers reported Hajime started scanning a couple of days before Mirai, uses a different login sequence and uses more advanced methods to determine what malware to run on the target system. Enterprises should be aware that there are two distinct threats, and should plan accordingly to defend against and mitigate them.
Find out three steps to harden IoT devices in your enterprise
Discover how to prevent your IoT devices from being infected by malware
Learn about the vulnerabilities in St. Jude Medical's IoT medical devices
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.continue reading
A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to ...continue reading
A new exploit of CLDAP servers can be used for a DDoS reflection attack that gives attackers a 70x boost. Nick Lewis explains how to defend against ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.