[Symantec] reports Hajime seems to be a white hat worm that spreads over telnet in purchase to protected IoT devices instead of actually doing anything malicious.

[Brian Benchoff] wrote a terrific short article about the Hajime Worm just as the story broke when first discovered back in October last year. Abban az időben úgy nézett ki, mint egy rosszindulatú iot botnet kezdete, hogy néhány DDOS bajt okozzon. In a crazy turn of events, it now seems that the worm is actually securing devices affected by another major IoT botnet, dubbed Mirai, which has been launching DDoS attacks. much more recently a new Mirai variant has been launching application-layer attacks because it’s source code was uploaded to a GitHub account and adapted.

Hajime is a much much more complex botnet than Mirai as it is controlled through peer-to-peer propagating commands through infected devices, whilst the latter uses hard-coded addresses for the command and control of the botnet. Hajime can also cloak its self better, managing to hide its self from running processes and hide its files from the device.

A szerző bármikor megnyithat egy shell parancsfájlt a hálózat bármely fertőzött eszközhöz, és a kód moduláris, így az új képességek hozzáadhatók a repülés során. It is obvious from the code that a fair amount of development time went into developing this worm.

Szóval hol van ez? Eddig ez kezdõdik úgy néz ki, mint egy cyber csata a jó vs gonosz. Vagy ez egy gyepháború a rivális cyber-mafias között. csak az idő fogja megmondani.