Saturday, November 30, 2013

Is the Linux.Darlloz Much Ado About Nothing? Perhaps, Only Time Will Tell.

Apparently there is a new worm supposedly attacking Intel-chip-based Linux boxes and embedded Linux devices, namely your TiVos, routers, tablets, Chromeboxes, Kindles and other such fine devices. The news has certainly garnered much attention and, understandably, has many consumers concerned. However, upon closer inspection, it seems that, like most news reports lately, this alarm is much ado about nothing. The alarm ringers at Symantec, who are said to have discovered the worm, state that there is no evidence of this worm, dubbed Linux.Darlloz, being observed in the wild. Obviously, one should remain vigilant, but there seems hardly any room, as of yet, for panic. Here's an excerpt of a related article from Infosecurity:
Symantec, who discovered the worm, has named it Linux.Darlloz, and says that it "appears to be engineered to target the 'Internet of things.'" It exploits an old PHP vulnerability to propagate, although Symantec has not yet found it in the wild. "The attacker," says Kaoru Hayashi in a company blog, "recently created the worm based on the Proof of Concept (PoC) code released in late Oct 2013."
There are several rootkit and virus scanners available for Linux desktop users, but seriously, how does one run a virus scan on an embedded device with a read-only file system? It's not as if one can do virus scans remotely on those machines. If any of you know how to run a virus scan or check for rootkits remotely, let us know; we'd love to try it. The point really is this: this worm is mainly a proof of concept and will probably remain as such.
