Linux.Darlloz is a nasty new worm

Posted by Trent Nouveau

Linux is generally perceived as one of the more secure operating systems both for desktop PCs and more mobile devices.

However, Symantec recently identified a new Linux worm dubbed Linux.Darlloz that targets traditional PCs, alongside Internet-enabled devices such as routers, set-top boxes and security cameras.

Nevertheless, as CNX Software notes, attacks against non-PC devices have yet to be confirmed.

According to Symantec, the worm exploits an "old" PHP vulnerability which was actually patched back in May 2012 (PHP 5.4.3 and PHP 5.3.13) and currently only affects Intel (x86)-based systems.

"You’d need an embedded system powered by an Intel processor, running Linux and PHP to be at risk," a CNX Software writer explained. "Having said that, Symantec also explains code for other architectures such as ARM, PPC and MIPS is also present in the worm - [so] these systems could potentially be at risk too with small modifications."

Changing system and WiFi passwords is probably one of the most obvious ways of protecting against the worm, along with applying software updates and blocking incoming HTTP POST requests to /cgi-bin/php* paths.
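As an added example (not from the original article or from Symantec), here is one way to check a web server access log for the requests the advice above says to block: POSTs to /cgi-bin/php* paths. The log lines are constructed, the Combined Log Format is an assumption, and the function names are hypothetical.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Assumed Combined Log Format: client ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
PREFIX = "/cgi-bin/php"  # the /cgi-bin/php* pattern named in the article

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [28/Nov/2013:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Nov/2013:10:05:11 +0000] "POST /cgi-bin/php HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [28/Nov/2013:10:05:12 +0000] "POST /cgi-bin/%70hp5?x=1 HTTP/1.1" 200 0 "-" "-"
203.0.113.4 - - [28/Nov/2013:10:07:40 +0000] "POST //cgi-bin/./php-cgi HTTP/1.1" 403 199 "-" "-"
192.0.2.10 - - [28/Nov/2013:10:09:00 +0000] "GET /cgi-bin/php HTTP/1.1" 404 209 "-" "-"
192.0.2.10 - - [28/Nov/2013:10:09:30 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def normalized_path(target):
    """Strip the query, decode percent-encoding and collapse ./, ../ and //."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    # Lower-casing over-matches on case-sensitive hosts, which is acceptable for review.
    return normpath("/" + path.lstrip("/")).lower()


def suspicious_posts(lines):
    """Return (client, path, status) for each POST whose path matches /cgi-bin/php*."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        client, method, target, status = m.groups()
        path = normalized_path(target)
        if method == "POST" and path.startswith(PREFIX):
            hits.append((client, path, int(status)))
    return hits


if __name__ == "__main__":
    for client, path, status in suspicious_posts(SAMPLE_LOG.splitlines()):
        # Anything other than a 403/404 means the request was not blocked.
        print(f"{client} POST {path} -> {status}")
```

A matching entry with a 200 status shows the request reached a handler, so the blocking rule is either missing or bypassed by an encoded or padded path.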

"Contrary to computers, which nowadays automatically install security patches regularly, embedded devices seldom get firmware updates, and security is sometimes an afterthought," the CNX Software writer concluded.

"To add to the complexity, many vendors do not disclose the operating systems running on their products, so it might be difficult for the average user to even know if their system is at risk."