Hajime IoT worm infects 300,000 devices
It is a worrying fact that such a worm is spreading so fast because the code allows the creator to change its purpose quite easily
Hajime the vigilante IoT worm which was supposedly working towards blocking rival botnets, including the famous and mighty Mirai, has instead compromised some 300,000 devices already, according to reports.
According to a report from Kaspersky Lab, it shows the impressive magnitude of this worm that was apparently built by a vigilante white hat. The rapidly spreading IoT worm fights against the likes of Mirai for control of the products, closing off some ports that are normally exploited by it.
It is a worrying fact that such a worm is spreading so fast because the code allows the creator to change its purpose quite easily. This means the hacker has the ability to go from white hat to black hat without too much trouble.
The IoT worm Hajime takes advantage of security flaws in IoT devices that have not had their username and password combinations changed from the factory default.
It was first discovered back in October 2016 by Rapidity Networks, but it has only attracted attention recently as it started spreading faster and faster. It seems the Hajime worm infects a lot of DVRs, webcams, and routers right now.
Most of infections seem to have happened in Vietnam, Taiwan, and Brazil, with the three countries making up over 40% of the affected devices.
Security researchers have stated Hajime to be more flexible than Mirai, mostly due to the fact that some of its features, like the peer-to-peer control network and the hidden processes, make it harder to interfere with the operation.
As mentioned, there is currently no attacking code or capability in Hajime, but that does not mean it cannot be altered.
"The most intriguing thing about Hajime is its purpose. While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity. Nevertheless, we advise owners of IoT devices to change the password of their devices to one that's difficult to brute force, and to update their firmware if possible," advised Konstantin Zykov, senior security researchers at Kaspersky Lab.
Hajime is certainly something that we all need to keep an eye on. Whether it manages to "save" the IoT industry or it flips to the dark side, it's worth to track.