Linux worm Darlloz targets Intel architecture to mine digital currency

Summary: A new variant of the Darlloz worm focuses on manipulating home systems to mine for digital currency beyond Bitcoin.

Credit: CNET

A Linux worm variant found in the wild targets routers, set-top boxes, and now PCs in order to mine for cryptocurrency.

According to research firm Symantec, a new Internet of Things (IoT) worm was discovered last November. Dubbed Linux.Darlloz, the worm targets computers running Intel x86 architectures, as well as devices running the ARM, MIPS and PowerPC architectures, such as routers and set-top boxes.

A new variant has now been found. Preloaded with usernames and passwords in order to crack into such systems, it updates itself continuously and is now making money by mining cryptocurrency.

Kaoru Hayashi, a senior development manager and threat analyst with Symantec, wrote that the new version focuses on finding Intel architecture PCs in order to install "cpuminer," an open-source mining program. As Bitcoin can no longer be mined effectively from personal computers, the worm mines spin-off currencies such as Mincoins and Dogecoins instead, where money can still be made.

"The reason for this is [that] Mincoin and Dogecoin use the scrypt algorithm, which can still mine successfully on home PCs, whereas Bitcoin requires custom ASIC chips to be profitable," Hayashi wrote.

In Symantec's last scan, researchers found that 31,000 devices have been infected with the worm, with half of the infections based in India, China, South Korea, Taiwan, and the United States. By the end of February this year, the cyberattackers were able to mine 42,438 Dogecoins and 282 Mincoins, worth approximately $46 and $150. While this is a low amount, further attacks can boost the monetization substantially over time.

It is believed that the hackers capitalize on a backdoor in several router types, which can be exploited to gain remote access. However, that same backdoor is a threat to Darlloz itself if other malware is installed through it, so the author implemented a feature to block the backdoor port by "creating a new firewall rule on infected devices to ensure that no other attackers can get in through the same back door."

In total, 31,716 identified IP addresses were infected. 43 percent of Darlloz infections compromised Intel-based computers or servers running Linux, and 38 percent of Darlloz infections affected a variety of IoT devices.

IoT devices are often left on default password settings and generally have lax security, leaving such vulnerabilities wide open. Symantec suggests that security patches be applied to all software installed on PCs or IoT devices, and that passwords be changed from their default settings. In addition, to further improve security, blocking connections on ports 23 and 80 is recommended.
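As an added example (not from Symantec or the article), the following Python audit shows how a defender could check a Linux host or IoT device for the two indicators the article names: telnet (tcp/23) or HTTP (tcp/80) listening on a non-loopback address, and a cpuminer process (its usual binary name `minerd` and the `-a scrypt` flag are assumed here). The `ss` and `ps` output it parses is constructed sample data, not captured from a real infection.

```python
# Constructed sample of `ss -ltnp` output (not captured from a real device).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      5      0.0.0.0:23         0.0.0.0:*         users:(("telnetd",pid=412,fd=3))
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*         users:(("httpd",pid=433,fd=4))
LISTEN 0      128    127.0.0.1:22       0.0.0.0:*         users:(("dropbear",pid=300,fd=3))
"""

# Constructed sample of `ps -eo pid,comm,args` output.
SAMPLE_PS = """\
  PID COMMAND  ARGS
  300 dropbear /usr/sbin/dropbear
  412 telnetd  /usr/sbin/telnetd
  901 minerd   /tmp/minerd -a scrypt -o stratum+tcp://pool.example:3333 -u worker
"""

EXPOSED_PORTS = {23: "telnet", 80: "http"}   # ports the article recommends blocking
MINER_NAMES = ("cpuminer", "minerd")          # cpuminer and its usual binary name (assumed)

def listening_ports(ss_output):
    """Map each TCP listening port to the local address it is bound to."""
    ports = {}
    for line in ss_output.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)      # rsplit keeps IPv6 "[::]" intact
        ports[int(port)] = addr
    return ports

def miner_processes(ps_output):
    """Return (pid, args) for processes that look like cpuminer doing scrypt."""
    hits = []
    for line in ps_output.splitlines()[1:]:
        fields = line.split(None, 2)               # pid, comm, rest of the command line
        if len(fields) < 3:
            continue
        pid, comm, args = fields
        if any(n in comm or n in args for n in MINER_NAMES) or "-a scrypt" in args:
            hits.append((int(pid), args))
    return hits

def audit(ss_output, ps_output):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    for port, addr in listening_ports(ss_output).items():
        if port in EXPOSED_PORTS and not addr.startswith("127."):
            findings.append(f"{EXPOSED_PORTS[port]} (tcp/{port}) listening on {addr}; block or disable it")
    for pid, args in miner_processes(ps_output):
        findings.append(f"possible cpuminer process pid {pid}: {args}")
    return findings
```

Running `audit(SAMPLE_SS, SAMPLE_PS)` on the sample data reports the exposed telnet and HTTP listeners plus the miner process; a loopback-only service such as the SSH daemon on 127.0.0.1 is not flagged.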

About

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales.