The rapidly growing Hajime malware is actually doing a good deed?
A few days ago, we told you about the Hajime malware. Hajime works much like the Mirai malware which took down a large portion of the internet last year. Hajime has been growing at a brisk pace since a few weeks after the Mirai attack, and utilizes techniques which render it safe from methods used to block the Mirai malware. Now, it appears that Hajime may just be a positive force. A vigilante malware created to fight for control of these devices, and blocking off access from Mirai.
Bleeping Computer reports that there is something missing from the Hajime malware. There is no DDoS feature within the malware, meaning that it is currently unable to carry out a DDoS attack, which is the primary reason for these botnets. This lead researchers to believe that this was simply because the malware was still in development.
When the malware was first found and publicized, the report commented on a few bugs in the code. Hajime’s creator obviously read this report, as they have gone in and fixed those bugs, and still did not add a DDoS utility to the malware.
More proof to the true intention of this malware is what it does once it infects a device. Once the infection occurs the malware immediately blocks access to ports 23, 7547, 5555, and 5358. These are ports which have previously been exploited by Mirai and other IoT malware. It then pings back a cryptographically-signed message every ten minutes to the malware’s servers. This message reads:
Just a white hat, securing some systems.
Important messages will be signed like this!
A vigilante malware? Who’d have thought that? While the program may be doing a good deed, it’s not a perfect fix. For one, the malware is defeated by rebooting the device. Additionally, there is nothing saying that the malware’s creator may not decide to use it for nefarious means in the future, or even more likely, other less scrupulous hackers may use the tricks used in this malware for attacks instead of protection. There is only one fix for these botnets, whether they are taking over devices for attacks, or potentially protection. That is to properly secure these devices. It’s time to bring the EoT to the IoT.