Linux.Darlloz

{{Short description|Computer worm for Linux IoT devices}}

{{Infobox software
| name = Linux.Darlloz
| operating system = Linux
| genre = Botnet
}}

Linux.Darlloz is a worm which infects Linux embedded systems.{{cite web | url=http://www.linux-magazine.com/Online/News/New-Worm-Attacks-Linux-Devices | title=New Worm Attacks Linux Devices | publisher=Linux Magazine | date=December 3, 2013 | accessdate=24 October 2016 | author=Casad, Joe}}{{cite web|author=Mohit Kumar |url=http://thehackernews.com/2013/11/Linux-ELF-malware-php-cgi-vulnerability.html |title=Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability |publisher=The Hacker News |date=2013-11-30 |accessdate=24 October 2016}}

Linux.Darlloz was first discovered by Symantec in 2013.{{cite web | url=http://www.technology.org/2013/12/03/update-symantec-discovers-linux-darlloz-worm-targetting-embedded-systems/ | title=Symantec discovers Linux.Darlloz worm targetting embedded systems | publisher=technology.org | date=December 3, 2013 | accessdate=24 October 2016}}

Linux.Darlloz targets the Internet of things, infecting routers, security cameras, and set-top boxes by exploiting a PHP vulnerability.{{cite web | url=https://arstechnica.com/security/2013/11/new-linux-worm-targets-routers-cameras-internet-of-things-devices/ | title=New Linux worm targets routers, cameras, "Internet of things" devices | publisher=Ars Technica | date=2013-11-27 | accessdate=October 24, 2016 | author=Goodin, Dan}}{{cite web | url=https://www.wired.com/2014/01/spime-watch-linux-darlloz-internet-things-worm/ | title=Linux.Darlloz, the Internet-of-Things worm | publisher=Wired | date=2014-01-29 | accessdate=24 October 2016 | author=Sterling, Bruce}}

The worm was based on proof-of-concept code that was released in October 2013.{{cite web | url=https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=6cc8a697-5c01-45ba-ad5c-599eee0a4678&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments | title=Linux Worm Targeting Hidden Devices | publisher=Symantec | date=27 Nov 2013 | access-date=24 October 2016 | author=Hayashi, Kaoru}}

Linux.Darlloz exploits a vulnerability ({{CVE|2012-1823}}) to compromise systems.{{cite web | url=http://boingboing.net/2013/11/28/linux-darlloz-worm-attacks-emb.html | title=Linux.Darlloz worm attacks embedded systems | publisher=Boing Boing | date=Nov 28, 2013 | accessdate=24 October 2016 | author=Doctorow, Cory}}

In March 2014, Linux.Darlloz was found to have started mining cryptocurrencies such as Mincoin and Dogecoin.{{cite web | url=https://www.zdnet.com/article/linux-worm-darlloz-targets-intel-architecture-to-mine-digital-currency/ | title=Linux worm Darlloz targets Intel architecture to mine digital currency | publisher=ZDNet | date=March 20, 2014 | access-date=24 October 2016 | author=Osborne, Charlie}}{{cite web | url=https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=00fcdbad-954d-42ff-af50-4d74001bdcbb&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments | title=IoT Worm Used to Mine Cryptocurrency | publisher=Symantec | date=19 Mar 2014 | access-date=24 October 2016 | author=Hayashi, Kaoru}}

References

{{reflist}}

{{IoT Malware}}

Category:IoT malware

Category:Linux malware

Category:Botnets

{{malware-stub}}

{{linux-stub}}