A vigilante hacker may have built a computer worm to protect the IoT

Symantec has noticed the Hajime IoT malware leaving a message on the devices it infects



Is a vigilante hacker trying to secure your IoT device from malware? The mysterious developer behind a growing computer worm wants people to think so.

The worm, known as Hajime, has infected tens of thousands of easy-to-hack products such as DVRs, internet cameras, and routers. However, the program so far hasn't done anything malicious.

Instead, the worm has been preventing a notorious malware known as Mirai from infecting the same devices. It's also been carrying a message written by its developer.

"Just a white hat, securing some systems," the message reads. "Stay sharp!"

Security firm Symantec posted about the new development on Tuesday and said the efforts from the so-called "white hat," or ethical hacker, appear to be having an effect.

Screenshot (Symantec): The message left behind by Hajime's developer.

The worm has been competing against Mirai, another fast-spreading malware that had, at one point, been enslaving vulnerable IoT devices by the hundreds of thousands.

The purpose of Mirai was to create botnets -- networks of infected computers that can be used for ill. In October, a Mirai botnet was blamed for launching a massive distributed denial-of-service attack that disrupted internet traffic across the U.S.

The rise of Mirai has raised questions about what the security industry can do to stop it. The malware will continue to spread and harass as long as the IoT devices it uses remain easy to hack.

Enter Hajime, which was first discovered in October. It's been racing to infect some of the same devices Mirai has. Once it does, the worm will block access to certain ports on the IoT device, preventing other malware from exploiting them.

Owners of these Hajime-infected devices shouldn't notice any disruption, said Waylon Grange, a security researcher at Symantec. "The protocols used by Hajime are designed not to degrade network performance," he said.

Experts had already speculated that Hajime may have come from a vigilante hacker out to stop Mirai.

Screenshot (Symantec): Top 10 Hajime-infected countries.

However, Symantec has found some possible proof. The company noticed that the computer worm has been leaving a message on infected devices since at least March, Grange said. That message has been digitally signed and fetched in a way that leaves little doubt it comes from Hajime's developer.

The short message doesn't reveal anything about the Hajime developer's identity. But the vigilante hacker is aware the security community has been studying the Hajime worm.

One clue: The mysterious developer refers to himself or herself as the "Hajime author" in the message the worm has been leaving behind. However, it was actually security researchers at Rapidity Networks that came up with the name Hajime, which is Japanese for the term "beginning."

In addition, the mysterious developer has been patching bugs in the Hajime computer worm that researchers previously reported.

"The thought of security researchers inadvertently assisting malware authors is worrying," Grange wrote in his blog post for Symantec.

So how concerned should we be about Hajime?

"On the one hand, I'd like Hajime to choke out Mirai," Grange said. "But then, I don't know what Hajime’s author would do then."

Fortunately, the current form of Hajime isn't built with malicious capabilities. But the fear is its developer will one day choose to modify the worm, to launch DDoS attacks or engage in other forms of cybercrime, Grange said.

Hajime also contains a feature that makes it hard to stop: The worm doesn’t take commands from a single server owned by its mysterious developer. Instead, it communicates over a peer-to-peer network. That means a whole host of devices infected with Hajime can be used to relay files or instructions to the rest of the group.

"If Hajime turned evil, it would be more difficult to deal with," Grange said.

Symantec offered a modest estimate that puts Hajime's size in the tens of thousands of infected devices. The company has found the worm spreading to Brazil, Iran, Thailand, and Russia, among other countries.


Michael Kan

IDG News Service