Darlloz – the dedicated Embedded device(s)… something

Some say it’s a worm. Some say it might be a Bitcoin miner. We say that it might be forming/building a new type of botnet. We’re talking about Darlloz, identified and labeled last year by Symantec.

What is it? Well, it’s a „well crafted“ kind of „malware something“ by someone from Africa (as far as we know by now; it might equally have been spread by an innocent victim located there), and it’s a new kind of malware that attacks Linux and Linux-powered embedded devices. And it’s generic: it tends to build/use binaries for ARM, MIPS and many more architectures, so it attacks several types of devices found in a network environment.

How does it spread? Well, it uses some exploits found in basic Linux distributions and, as it seems, a database of common credentials found on different embedded devices (routers, NASes, DVRs, NVRs, IP cameras, maybe smart TVs). And it doesn’t stop there: it also tries to attack x86 (Intel/AMD) based servers.

How to check for it? Log in to your Ethernet/Internet-enabled device and search for a process, file or folder named zollard. If you find it, take extra precautions inside your network.
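A small POSIX shell check for the indicator named above, added here as an example (not code from the original post, from Symantec, or from the tool announced below): it looks for a running process whose command name contains zollard and for a file or directory with that name under a set of writable paths. The default paths scanned are an assumption about typical embedded firmware layouts.

```shell
#!/bin/sh
# Added example: look for the "zollard" name the post associates with Darlloz.
# Written for a busybox-class /bin/sh so it can run on an embedded device.

# Return 0 if any running process has a command name containing "zollard", else 1.
darlloz_check_procs() {
    for comm in /proc/[0-9]*/comm; do
        [ -r "$comm" ] || continue
        # a process may exit between the glob and the read; ignore that
        name=$(cat "$comm" 2>/dev/null || true)
        case "$name" in
            *zollard*) echo "process: $(dirname "$comm") $name"; return 0 ;;
        esac
    done
    return 1
}

# Return 0 if a file or directory named like zollard exists under any given root, else 1.
darlloz_check_files() {
    found=1
    for root in "$@"; do
        [ -d "$root" ] || continue
        # -xdev stays on one filesystem (skips NFS/proc-like mounts); match is case-insensitive
        hits=$(find "$root" -xdev -iname '*zollard*' 2>/dev/null || true)
        if [ -n "$hits" ]; then
            echo "$hits" | sed 's/^/file: /'
            found=0
        fi
    done
    return $found
}

# Top-level check: assumed writable locations on an embedded box, plus any extra roots passed in.
darlloz_check() {
    rc=1
    darlloz_check_procs && rc=0
    darlloz_check_files /tmp /var /mnt /etc "$@" && rc=0
    if [ "$rc" -eq 0 ]; then
        echo "Darlloz indicator found: isolate the device and review the network."
    else
        echo "No zollard indicator found."
    fi
    return $rc
}
```

Run `darlloz_check /opt /home` to add roots; a non-zero exit status means nothing matched, so the script can be dropped into a cron job or a fleet-wide SSH loop.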

We’ll soon be releasing more information about it and, probably, an automated tool to test/verify the local presence of this „linux-targeted“ malware.
