
Could a 'good worm' save the Internet of Things from the Mirai botnet?

Graham CLULEY

October 31, 2016


The Mirai botnet has certainly made its presence felt – hijacking control over poorly-protected Internet of Things devices across the globe to launch massive denial-of-service attacks.

And the problem isn’t an easy one to fix. Even if manufacturers of vulnerable devices urge customers to change the default passwords or prevent their gadgets from being accessed from the outside world, there’s no guarantee that a significant number of people will actually listen.

And many of the vulnerable devices have no update infrastructure, removing the possibility of pushing out patches as would be done if the at-risk devices were desktop PCs running Windows or macOS.

In other words, it’s an almighty mess.

But now one person thinks they have a potential solution. Software engineer Leo Linsky has published code – based upon the leaked source code of Mirai – that could spread like a worm, breaking into vulnerable web-connected cameras and other devices to change their default login credentials.

Linsky shares more details of his counter-Mirai research on GitHub:

“The idea is to show that devices can be patched by a worm that deletes itself after changing the password to something device-specific or random. Such a tool could theoretically be used to reduce the attack surface.”

Linsky calls his creation an “anti-worm worm (or nematode)”.

I call it a potential breach of computer crime legislation.

You see, altruistic as it might appear to patch other people’s internet devices, you shouldn’t do it without their consent. Logging into someone else’s internet device and changing their settings without permission is breaking the law in the United States, United Kingdom and many other countries around the world.

Over twenty years ago, veteran malware researcher Vesselin Bontchev wrote a seminal paper on the subject of beneficial malware, “Are ‘good’ computer viruses still a bad idea?”, and his arguments still stand up today.

For instance, aside from the legal issues, anyone releasing the “anti-worm worm” has no control over how it would spread, or the resources it might gobble up as it scours the internet looking for more vulnerable devices to patch. Furthermore, what sort of testing would be done on the viral code in a controlled environment before it is unleashed onto the public internet, and what mechanisms might exist for updating it when (inevitably) its own bugs are found?

Even if you think your anti-worm worm works well now, questions must be asked about its compatibility into the future – and how it might act if, as seems possible, it encounters other people’s attempts to create anti-worm worms.

And how would such a worm tell the difference between devices that are candidates for patching and those which should definitely be left well alone (such as those running critical systems, or those set up by researchers as honeypots to examine Mirai’s activities)?

Finally, is it possible that cybercriminals could take the code of Linsky’s creation and use it as the inspiration for their own malware (just as Linsky based his upon Mirai’s leaked code), and create an even greater menace?

Fortunately, Linsky himself seems to recognise that it would be a mistake to release Nematode onto the internet:

“This is meant to only be tested in closed research environments. Use of this software is at your own risk.”

The Internet of insecure Things is most definitely a serious problem, and one that is likely to continue to make its presence felt for a long time to come. But I don’t think releasing an anti-worm worm is the right way to deal with these significant challenges.
