An Interest In:
Web News this Week
- March 14, 2024
- March 13, 2024
- March 12, 2024
- March 11, 2024
- March 10, 2024
- March 9, 2024
- March 8, 2024
An 14-year-old's Internet-of-Things worm is bricking shitty devices by the thousands
A hacker calling themself Light Leafon who claims to be a 14-year-old is responsible for a new IoT worm called Silex that targets any Unix-like system by attempting a login with default credentials; upon gaining access, the malware enumerates all mounted disks and writes to them from /dev/random until they are filled, then it deletes the devices' firewall rules and removes its network config and triggers a restart -- this effectively bricks the device, rendering it useless until someone performs the complex dance needed to download and reinstall the device's firmware.
The worm has taken down at least 2,000 devices since it appeared earlier today, and is indiscriminate enough that it could take down GNU/Linux servers that were badly configured. At least some of the worm's instances have been served from novinvps.com, which is based in Iran. Ankit Anubhav from NewSky Security told Zdnet that he made contact with the worm's author, "Light Leafon," who claimed to be 14 years old. Anubhav had already contacted Leafon earlier, when Leafon released a precursor to Silex called HITO that attacked IoT devices last month. Anubhav calls Leafon "one of the most prominent and talented IoT threat actors at the moment."
Last year, an IoT worm called Brickerbot swept the internet, and its author claims that it disabled 10,000,000 IoT devices in the process.
Read the restThe teenager said he plans to develop the malware further and add even more destructive functions.
"It will be reworked to have the original BrickerBot functionality," Light told Anubhav and ZDNet.
Original Link: http://feeds.boingboing.net/~r/boingboing/iBag/~3/W-zWzfooyUU/teenaged-kicks.html