Linux.Darlloz can target devices that run on Intel-made CPUs, so right now the threat is considered 'low-level.'
Symantec researcher Kaoru Hayashi says minor modifications could make the worm potent, if they incorporate available executable and linkable format (ELF) files. Those ELF files can attack devices running on ARM, PPC, MIPS, and MIPSEL architectures.
"Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability," Hayashi explained (via Ars). "If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures."
The worm exploits devices with outdated open source code, many of which cannot even be updated due to aging hardware that cannot meet the minimum requirements.
Written by: Andre Yoskowitz @ 30 Nov 2013 23:25
