Viruses remain fascinating. We don’t know whether they predate more complex forms of life, like bacteria, or descended from them. Viruses have complex relationships with bacteria, one infectious agent preying on or competing with another. The Russians used phage therapy for years, injecting their soldiers with highly specialized viruses called “bacteriophages” that only prey on the bacteria causing an infection. In the same fashion there’s coevolution in computer systems, with software springing up just to deal with problems in one program, or add functionality to another, like lateral gene transfer.
You may have heard of Mirai, a botnet that can turn your possessions into a vector for DDOS attacks (or mine Bitcoin). Now there’s Hajime: a worm that may have been designed to immunize your possessions against Mirai. Mirai is a virulent worm that co-opts devices on the so-called “Internet of Things” and uses unsecured devices for its controllers’ nefarious purposes. It does this by attacking vulnerabilities in out-of-date device firmware, allowing the malicious code to run HTTP requests. It includes a hard-coded list of “do not mess with” IP addresses, including some belonging to the Department of Defense and the US Postal Service — but anything else it can lay its grubby little digits on is fair game.
In October of 2016, reports surfaced of another worm targeting devices on the so-called “Internet of Things.” Since “mirai” is the Japanese word for “future,” Rapidity decided to name the newfound piece of malware “Hajime,” which in Japanese can mean “beginning.”
Based on time stamps and other characteristics in the code, its discoverers believe Hajime was active prior to the release of the Mirai botnet’s source code. Assuming the truth of these time stamps, it’s unlikely that Hajime contains any authentic Mirai source code. Hajime does use the same table of credentials Mirai uses to attempt to assert control over IoT-enabled devices, plus two. But otherwise, there’s little resemblance.
Hajime is based on the BitTorrent protocol and has no central command-and-control server. It’s more like a vaccine than a phage or virus, in that it doesn’t contain any DDoS capabilities, just the code for propagation. Hajime tries to gain access to IoT-enabled devices too. It sneaks in, covering its tracks. Then it blocks four ports Mirai is known to attack. It leaves in its wake a message:
Just a white hat, securing some systems.
Important messages will be signed like this!
Even if the author is as benevolent as he claims, the worm is still trying to access a backdoor, which would give it the option to push more malicious or damaging payloads to infected devices. There’s reason to speculate that Hajime is perhaps closer to a gray hat action, in that it could still be in its “latent” phase — like a virus lying dormant inside cells, just trying to infect as many devices as possible. What happens next is a familiar strategy to those who have played Pandemic or Plague, Inc., or perhaps the microbiologists among us: viruses also have a lytic phase that results in the destruction of the host cell. That’s when the symptoms show up. So you have to infect as many as possible before allowing your plague to betray more destructive symptoms of infection. Only once a critical density of hosts is achieved is it safe to go in for the kill.
In the end, however well-intentioned, Hajime is only a band-aid. As soon as the infected device is rebooted, it goes back to its previously vulnerable state, with ports open. The only real cure is updating firmware, which Hajime can’t do. So go update your toaster.
Now read: The 5 best VPNs
source : https://www.extremetech.com/internet/248087-meet-hajime-iot-botnet-built-vaccinate-devices-mirai