SMB Nation Blog

SMB Nation has been serving the Bainbridge Island area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

There’s A New Linux Worm, Symantec Says

There’s a newly discovered Linux worm out, according to a new blog post published by Symantec. Right now, the worm appears to be affecting only x86 computers running Linux and PHP, however it can possibly attack smaller devices such as set top boxes, home routers, and security cameras. Also potentially affected are Apache web servers and PHP servers. In addition to this threat, the attacker hosts variants for other architectures including PPC, MIPSEL, MIPS and ARM.

Because many embedded devices are rarely updated due to outdated technology or some other issue, the concern remains that some devices (such as routers) may be left open to infection. The worm, which is called Linux Darlloz, utilizes an old vulnerability that had been patched back in May 2012.

In their blog post, Symantec researchers wrote, “Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.”

Steps To Protect Your Devices

In the post, Symantec recommends taking the following steps:

  1. Verify all devices connected to the network
  2. Update their software to the latest version
  3. Update their security software when it is made available on their devices
  4. Make device passwords stronger
  5. Block incoming HTTP POST requests to the following paths at the gateway or on each device if not required:
  • -/cgi-bin/php
  • -/cgi-bin/php5
  • -/cgi-bin/php-cgi
  • -/cgi-bin/php.cgi
  • -/cgi-bin/php4
Continue reading
0 Comments

Recent Comments

muneer ahmed Telkonet EcoSmart System to be Installed in Brazil Hilton Hotel
19 May 2019
Great job for publishing such a beneficial web site. Your web log isn’t only useful but it is additi...
Edward foX Senate Passes S.744, Immigration Modernization Act; CompTIA Urges House to Follow Suit
18 May 2019
camping have been the best activity that we can have during the summer, i love to roast marshmallows...
Edward foX Senate Passes S.744, Immigration Modernization Act; CompTIA Urges House to Follow Suit
18 May 2019
diamond engagement rings will be always be the best stuff. it has great style and it is priceless,, ...