Share Button

Image: http://www.flickr.com/photos/111692634@N04/

Image: http://www.flickr.com/photos/111692634@N04/

A new version of malware worm is causing headaches for Linux users across the internet. Last year, Symantec identified a PHP-exploiting worm called “Linux.Darlloz” which was popping up on non-PC Linux devices like routers and security cameras. The worm was a security specialist’s nightmare, but most vulnerable devices could be easily patched with a simple update.

This week, however, reports began to surface of a new variant on Darlloz, this time infecting Intel-chip machines running Linux. The newly evolved worm is particularly worrisome because it installs “cpuminer” on infected machines, turning them into dogecoin and litecoin-mining zombies. In addition to eating up CPU resources, the program could prove to be a gateway for other malicious programs.

According to a report on CoinDesk, the worm doesn’t appear to be a huge money-maker for hackers at the moment.

Since bitcoin can no longer be effectively mined by personal computers, the developers of the Darlloz worm sensibly opted for scrypt mining instead. Scrypt is the ‘proof of work’ algorithm used by many altcoins, such as litecoin and dogecoin, whereas bitcoin uses SHA-256. … Fortunately, the worm appears to be propagating slowly and it is not doing much damage. … [One known attacker] used Darlloz to mine 42,438 dogecoins and 282 mincoins, with a combined value of less than $200.

Linux-based viruses are relatively rare, largely because of the operating system’s small market share. With Linux-based devices like Android smartphones, TVs and internet-connected appliances becoming commonplace, however, mining-driven worms like Darlloz may become significant problems in coming years.

Share Button