A vigilante hacker may have built a computer worm to protect the IoT

Symantec has noticed the Hajime IoT malware leaving a message on the devices it infects

IDG

IDG

Is a vigilante hacker trying to secure your IoT device from malware? The mysterious developer behind a growing computer worm wants people to think so.

The worm, known as Hajime, has infected tens of thousands of easy-to-hack products such as DVRs, internet cameras, and routers. However, the program so far hasn't done anything malicious.

Instead, the worm has been preventing a notorious malware known as Mirai from infecting the same devices. It's also been carrying a message written from its developer.

"Just a white hat, securing some systems," the message reads. "Stay sharp!"

Security firm Symantec posted about the new development on Tuesday and said the efforts from the so-called "white hat," or ethical hacker, appear to be having an effect.

screen shot 2017 04 19 at 11.53.07 am Symantec

The message left behind Hajime's developer.

The worm has been competing against Mirai, another fast-spreading malware that had, at one point, been enslaving vulnerable IoT devices by the hundreds of thousands.

The purpose of Mirai was to create botnets -- networks of infected computers that can be used for ill. In October, a Mirai botnet was blamed for launching a massive distributed denial-of-service attack that disrupted internet traffic across the U.S.

The rise of Mirai has raised questions about what the security industry can do stop it. The malware will continue to spread and harass, as long as the IoT devices it uses remain easy to hack.

Enter Hajime, which was first discovered in October. It's been racing to infect some of the same devices Mirai has. Once it does, the worm will block access to certain ports on the IoT device, preventing other malware from exploiting them.

Owners of these Hajime-infected devices shouldn't notice any disruption, said Waylon Grange, a security researcher at Symantec. "The protocols used by Hajime are designed not to degrade network performance," he said.

Experts had already speculated that Hajime may have come from a vigilante hacker out to stop Mirai.

screen shot 2017 04 19 at 11.34.54 am Symantec

Top 10 Hajime-infected countries.

However, Symantec has found some possible proof. The company noticed that the computer worm has been leaving a message over infected devices since at least March, Grange said. That message has been digitally signed and fetched in a way that leaves little doubt it comes from Hajime's developer.

The short message doesn't reveal anything about the Hajime developer's identity. But the vigilante hacker is aware the security community has been studying the Hajime worm.

One clue: The mysterious developer refers to himself or herself as the "Hajime author" in the message the worm has been leaving behind. However, it was actually security researchers at Rapidity Networks that came up with the name Hajime, which is Japanese for the term "beginning."

In addition, the mysterious developer has been patching bugs in Hajime computer worm that researchers previously reported.

"The thought of security researchers inadvertently assisting malware authors is worrying," Grange wrote in his blog post for Symantec.

So how concerned should we be about Hajime?

"On the one hand, I'd like Hajime to choke out Mirai," Grange said. "But then, I don't know what Hajime’s author would do then."

Fortunately, the current form of Hajime isn't built with malicious capabilities. But the fear is its developer will one day choose to modify the worm, to launch DDoS attacks or engage in other forms of cybercrime, Grange said.

Hajime also contains a feature that makes it hard to stop: The worm doesn’t take commands from a single server owned by its mysterious developer. Instead, it communicates over a peer-to-peer network. That means a whole host of devices infected with Hajime can be used to relay files or instructions to the rest of the group.

"If Hajime turned evil, it would be more difficult to deal with," Grange said.

Symantec offered a modest estimate that puts Hajime's size in the tens of thousands of infected devices. The company has found the worm spreading to Brazil, Iran, Thailand, and Russia, among other countries.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?