dailymail.co.ukdailymail.co.uk - April 20 view article

'Benign' worm infects tens of thousands of gadgets, but its creator claims it will PROTECT you from hackers

  • The mysterious worm has been hunting the web for vulnerable smart devices 
  • It has already cracked into CCTV systems, internet routers and other gadgets
  • Security experts are baffled as to who created it and what it will be used for
  • But the infectious software could actually be used to protect vulnerable devices from malicious attacks

A mysterious hacker's worm is hunting the web for vulnerable smart devices. 

The 'Hajime worm' has already cracked into CCTV systems, internet routers, digital video recorders and 'tens of thousands' of other internet-of-things (IoT) devices.

Security experts are baffled as to who created the Hajime worm or what it may eventually be used for.

But the infectious software could actually be used to protect vulnerable devices from malicious attacks.

Scroll down for video 

A mysterious hacker's worm is hunting the web for vulnerable smart devices. The mysterious 'Hajime worm' has already cracked into CCTV systems internet routers, digital video recorders and 'tens of thousands' of other internet-of-things (IoT) devices (stock image)

Security experts are baffled as to who created the Hajime worm or what it may eventually be used for.

The rapid software is currently outpacing several other major pieces of malware designed to seek out the same vulnerabilities. 

It was first discovered in October 2016 when researchers reported it was spreading through IoT devices with security vulnerabilities that could be exploited by a different worm, called Mirai.

Even moderate estimates suggest that Hijame has infected 'tens of thousands' of devices, Symantec researcher Waylon Grange wrote in a blog.

But the worm's author claims it is actually fixing vulnerabilities rather than exploiting them. 

The rapid worm is currently outpacing several other major pieces of malware designed to seek out the same vulnerabilities. 

While the Hajime worm has embedded itself in thousands of devices, the only action it appears to take is to display a message.

The message is reportedly from the worm's creator and displays on the internal interface of the device.

Among other things, the message reads: 'Just a white hat, securing some systems.'

The term 'white hat' is typically used to describe hackers who infect other devices to secure their vulnerabilities rather than exploit them.

Malicious hackers are conversely known as 'black hats'.

'There is a question around trusting that the author is a true white hat and is only trying to secure these systems, as they are still installing their own backdoor on the system,' Symantec researcher Waylon Grange wrote in a blog.

The worm's creator claims it is protecting devices from malicious hacks. The only action the software appears to take is to display a message. The message reads, among other things: 'Just a white hat, securing some systems' (stock image)

Although the term 'Internet of Things' (IoT) first appeared in 2005, there is still no widely accepted definition.

The phrase 'IoT' often refers to devices or sensors - other than computers, smartphones, or tablets - that connect, communicate or transmit information over the web.

IoT includes gadgets bought by consumers, as well as products and services designed for businesses to help machines 'communicate' with each other.

For example, the term IoT can include the Radio Frequency Identification (RFID) tags businesses place on products in stores to track their inventory, or sensors that monitor electricity use in hotels. 

If whoever is behind the Hajime worm changes their mind, they could turn the infected devices into a 'massive' attack network, he said.

The Hajime worm was first discovered in October 2016 when researchers reported it was spreading through IoT devices with security vulnerabilities that could be exploited by a different worm, called Mirai.

Earlier that month Mirai had knocked out several high-profile websites including Twitter, Spotify and Reddit by infecting a network of devices.

Some suggest that the Hijame worm was designed to stop malicious worms like Mirai in their tracks. 

Infectious worms like Hijame and Mirai have to spread rapidly by infecting new victims because switching off an infected device generally clears the worm out.

Even moderate estimates suggest that Hijame has infected 'tens of thousands' of devices, wrote Mr Grange.

But Hijame has no 'attack code' embedded into the worm and so cannot mount the sort of attacks that Mirai has, Mr Grange said.

Alex Mathews, lead security expert at Positive Technologies, told MailOnline: 'Good digital worms fighting bad digital worms on a battlefield of connected devices might sound like a science fiction novel, but it is indicative of the ever more complex security landscape created by the IoT.

'In short, the more things that are connected to the Internet, the greater the opportunity there is for an attacker.

'As always, security should be built in from the very beginning to minimize the risk of such a scenario in the first place.' 

dailymail.co.ukdailymail.co.uk - April 20 view article