The malware spreads by exploiting a PHP vulnerability patched back in May 2012, said researchers at Symantec. The developer used proof-of concept code published in October to create the worm Symantec called Darlloz. 

“Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target,” Symantec’s Kaoru Hayashi said in a blog post.

The variant analyzed by Symantec can infect only devices running on Intel architectures. However, researchers have also spotted versions for other architectures as well, including MIPS, PPC and ARM. 

Researchers said while they haven’t spotted any Darlloz attacks in the wild, a large number of users who don’t even realize their devices are running Linux are at risk. 

Symantec recommends users to check all their devices connected to the network and make sure they update their software. 

This article originally appeared here: https://www.isssource.com/linux-worm-targets-ics/

Original content can be found at www.isssource.com.

Do you have experience and expertise with the topics mentioned in this content? You should consider contributing to our WTWH Media editorial team and getting the recognition you and your company deserve. Click here to start this process.