Symantec, who discovered the worm, has named it Linux.Darlloz, and says that it "appears to be engineered to target the 'Internet of things.'" It exploits an old PHP vulnerability to propagate, although Symantec has not yet found it in the wild. "The attacker," says Kaoru Hayashi in a company blog, "recently created the worm based on the Proof of Concept (PoC) code released in late Oct 2013."

There are several rootkit and virus scanners available for Linux desktop users, but seriously, how does one run a virus scan on an embedded device with a read-only file system? It's not as if one can do virus scans remotely on those machines. If any of you knows how to remotely run a virus scan or check for rootkits, let us know; we'd love to try it. The point really is this: this worm is mainly a proof of concept and will probably remain as such.
Saturday, November 30, 2013
Is the Linux.Darlloz Much Ado About Nothing? Perhaps, Only Time Will Tell.