Darlloz – the dedicated Embedded device(s)… something

December 14, 2014 / IT Security News & Updates

Some say it's a worm. Some say it might be a Bitcoin miner. We say that it might be building a new type of botnet. We're talking about Darlloz, identified and labeled last year by Symantec.

What is it? Well, it's a "well-crafted" piece of malware by someone from Africa (as far as we know by now, though it might be spread by an innocent victim located there), and it's a new kind of malware that attacks Linux and Linux-powered embedded devices. It's also generic, as it tends to build/use binaries for ARM, MIPS and many more architectures (it attacks several types of devices found in a network environment).

How does it spread? Well, it uses some exploits that are found in basic Linux distributions and, as it seems, a database of common credentials found on different embedded devices (routers, NASes, DVRs, NVRs, IP cameras, maybe smart TVs). And it doesn't stop there: it also tries to attack x86 (Intel/AMD) based servers.

How to check for it? Log in to your Ethernet/Internet-enabled device and search for a process/file/folder named zollard. If you find it, take extra care measures inside your network.
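One way to run that check on a Linux device, as an added example that is not from the original post or from Symantec: a POSIX sh script that looks for `zollard` in process names, command lines and executable paths under `/proc`, and for files or folders with that name. The function names, the `--scan` flag and the script name `ioc_check.sh` belong to this example only, and it assumes the device's shell provides `find`, `readlink`, `tr` and `sed`.

```sh
#!/bin/sh
# Added example: search a Linux host for the "zollard" indicator named above.
NAME="zollard"

# Print PIDs whose name, command line or executable path contains $NAME.
# $1 = proc directory (default /proc).
scan_procs() {
    procdir="${1:-/proc}"
    for d in "$procdir"/[0-9]*; do
        [ -d "$d" ] || continue
        comm=$(cat "$d/comm" 2>/dev/null) || true
        cmd=$(cat "$d/cmdline" 2>/dev/null | tr '\0' ' ') || true
        # The exe link keeps the original path (plus " (deleted)") even
        # when the binary has been removed from disk after launch.
        exe=$(readlink "$d/exe" 2>/dev/null) || true
        case "$comm $cmd $exe" in
            *"$NAME"*) echo "${d##*/}" ;;
        esac
    done
}

# Print files and directories whose name contains $NAME under $1 (default /),
# skipping the proc and sys pseudo-filesystems.
scan_files() {
    base="${1:-/}"; base="${base%/}"
    find "${base:-/}" \( -path "$base/proc" -o -path "$base/sys" \) -prune \
        -o -name "*$NAME*" -print 2>/dev/null || true
}

# Report all hits; return 1 if the indicator is present, 0 if nothing was found.
check_host() {
    top="${1:-/}"; top="${top%/}"
    hits=$( { scan_procs "$top/proc" | sed 's/^/pid /'; scan_files "${top:-/}"; } )
    [ -z "$hits" ] && return 0
    echo "$hits"
    return 1
}

# Run on the live system only when asked: sh ioc_check.sh --scan [root]
if [ "${1:-}" = "--scan" ]; then
    check_host "${2:-/}" && echo "no $NAME process, file or folder found"
fi
```

A clean result only means this one name was not seen; it does not rule out a renamed copy.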

We'll soon be releasing more information about it and, probably, an automated tool to test/verify the local presence of this "Linux-targeted" malware.
