Hajime: Is a white hat hero trying to protect the IoT from Mirai with a vigilante computer worm?
Worm is heading off Mirai botnet's attack but its exact purpose remains a mystery.
A vigilante hacker is believed to be behind a new computer worm that's spreading through IoT devices to protect them against a particularly dangerous piece of malware known as Mirai.
The worm, known as Hajime, has infected some 100,000 internet-connected cameras, routers and other smart home systems over the past six months and continues to grow rapidly. However, the worm has yet to launch any form of attack, leading security experts to speculate that Hajime is the work of a white hat or "ethical" hacker out to stop Mirai in its tracks.
The worm is even carrying a message from its creator to reassure users that its intentions are good, reports Network World.
Mirai, a botnet made up of tens of thousands of IoT devices infected with malware, first came to attention in 2016 and was behind what many considered to be the largest distributed denial of service (DDoS) attack in history in October last year. The malware was able to spread rapidly through internet-connected consumer devices that users had left vulnerable, namely by not changing the factory-set usernames and passwords.
Hajime was first spotted in October 2016. From what security experts have observed, the worm is spreading to Mirai-infected IoT devices and blocking access to the device ports known to be targeted by Mirai, thereby preventing the malware from exploiting them.
White worm?
Hajime itself doesn't appear to be having any impact on users' devices, which Symantec security researcher Waylon Grange said were "designed not to degrade network performance". Meanwhile the worm's developer, who calls themselves the "Hajime Author," says he or she is "just securing some systems" in the messages they are leaving behind.
However, consumers could be in a lot of trouble should Hajime turn out to be something more sinister. The rate at which it's spreading has led some security experts to label it "Mirai on steroids", and it could even be more widespread, reports PC World.
"There is a question around trusting that the author is a true white hat and is only trying to secure these systems, as they are still installing their own backdoor on the system," said Grange.
Grange added that the fallout would be "difficult to deal with" if Hajime reared a more menacing head – an understatement given the havoc Mirai wreaked on the Internet of Things late last year. Hajime is also more advanced and more resilient than its rival as it doesn't take commands from a central control server like Mirai does, making it harder to stop.
"Unlike Mirai, which uses hard-coded addresses for its command and control (C&C) server, Hajime is built on a peer-to-peer network," said Grange. "There isn't a single C&C server address, instead the controller pushes command modules to the peer network and the message propagates to all the peers over time. This is typically considered a more robust design as it makes takedowns more difficult.
"The modular design of Hajime also means if the author's intentions change they could potentially turn the infected devices into a massive botnet."
The only thing users can do to protect themselves is to take appropriate measures to secure their internet-enabled home gadgets: namely setting strong, custom login credentials, encrypting devices wherever possible and disabling features that are either not needed or make devices more susceptible to attack, such as Universal Plug and Play (UPnP).