Sign Me Up For
The Free Assessment

 

MALWARE ALERT: IoT malware clashes in a botnet territory battle (Hajime vs Mirai)

We have all heard about the notorious malware dubbed Mirai that has been enslaving IoT devices. Lo and behold, there comes a new challenger, dubbed Hajime.

This new Hajime malware has a very potent programming that surpasses the resiliency of the Mirai malware. They say that its design is similar to Mirai on steroids.

Hajime has been discovered more than six months ago, but it has been spreading at an alarming rate and has been creating a huge botnet network which would have probably infected more than 100,000 devices across the globe.

This is quite alarming since the botnets or network of enslaved computers can be used to launch massive Distributed Denial of Service attacks (DDoS) which is capable of taking down websites or even disrupting the internets infrastructure.

Mirai’s malware phenomenon made headlines last October when it targeted DNS provider DynDNS, which got severely crippled and slowed down internet traffic across the U.S.

During the same time of Mirai’s spread, while security researchers were on the hunt for Mirai, they have stumbled upon Hajime and found that its programming although similar, but is more tenacious.

Both malware scans the internet for poorly secured IoT devices. Among these devices are cameras, DVR’s, routers just to name a few. The malware tries to compromise them by using known username and password combinations and once in, transfers the malicious payload to the said devices.

Their main difference is that Hajime does not take orders from a command-and-control server like Mirai-infected devices do. A peer-to-peer network is used by Hajime, like the ones used by BitTorrent which makes it harder to stop.

This makes Hajime more advanced than Mirai.

For starters, ISP’s have been blocking internet traffic from devices to get in touch with the command servers. On the flip side, Hajime continues to grow and convert the Mirai infected devices to work to their advantage.

It has not been determined who made the Hajime malware. DDos attacks have not yet been in the wild using Hajime. With its capabilities, it has not been confirmed that any DDoS attacks have been launched by Hajime.

However, Hajime does continue to search the internet for vulnerable devices. Geenens’ own honeypot, a system that tracks botnet activity, has been inundated with infection attempts from Hajime-controlled devices, he said.

The main purpose of developing Hajime remains unknown as of this time. It is highly likely that it will be used for cyber-related crimes, launch DDoS attacks for extortion purpose, and even financial fraud.

Primarily, its design is really alarming.

It is probably a research project or a vigilante security expert made it to disrupt Mirai.

So far, Hajime appears to be more widespread than Mirai, said Vesselin Bontchev, a security expert at Bulgaria’s National Laboratory of Computer Virology.

There is a key difference between the two. Hajime has been found to infect devices using ARM chips.

Source code of Mirai has been released publicly late September last year. On that note, copycat hackers have upgraded the code and upgraded the malware.
It has been found that Mirai strains infects IoT products that use ARM, MIPS, x86, and six other platforms.

Their territories have not clashed yet, nevertheless, Hajime has stunted Mirai from spreading by preventing it from going further.

“There’s definitely an ongoing territorial conflict,” said Allison Nixon, director of security research at Flashpoint.

Fow now, it is best to tackle the problem by patching the vulnerable IoT devices. It is time consuming, and some devices may not be even patched up making it prone to malware infections.

That means Hajime and Mirai will probably stick around for a long time, unless those devices are retired.

It may take a long time to get rid of them since rebooting the devices will only let the malware reboot instead of getting rid of it. It’s never going to stop, but will just continue to spread.

Written by

No Comments Yet.

Leave a Reply

Message

[contact-form-7 id="5555" title="Mobile Form"]