May 3, 2017

Mysterious IoT Worm Hajime Builds 300,000-Strong Botnet

A new ‘vigilante’ IoT worm that blocks rival botnets, titled Hajime (Japanese for ‘beginning’), has steadily amassed a huge P2P botnet of 300,000 compromised devices, according to Kaspersky researchers.

First revealed in a public report by Rapidity Networks in October 2016, Internet of Things (IoT) worm Hajime was soon spotted with initial samples uploaded from Spain. Researchers deem it a ‘continuously evolving’ worm. Curiously, the Hajime IoT worm actively fights the dreaded Mirai botnet to wrest control of low-security and easily hackable IoT devices, pointing to a vigilante operation. However, the botnet could conversely be abused by attackers as a cyber-weapon, stoking concerns among security researchers.

“The most intriguing thing about Hajime is its purpose. While the botnet is getting bigger and bigger, partly due to new exploration modules, its purpose remains unknown,” Kaspersky researchers wrote.

Hajime currently works as a propagation module, without any hint of code pointing at attack capabilities.

A piece of text displayed during intervals of downloading a new configuration file reads:

Just a white hat, securing some systems. Important messages will be signed like this! Hajime Author. Contact CLOSED Stay sharp!

“Whether the author’s message is true or not remains to be seen,” wrote Kaspersky researchers. “Nevertheless, we advise owners of IoT devices to change the password of their devices to one that’s difficult to brute force and to update the firmware if possible.”

The worm’s most frequent targets are DVRs (digital video recorders), webcams and routers. Research shows Vietnam accounting for 20% of Hajime-compromised IoT devices, followed by the likes of Taiwan, Brazil, Turkey and Korea.

Perhaps notably, the worm is hardcoded to avoid several networks including regions such as Tehran in Iran, South Africa and private networks belonging to General Electric, Hewlett Packard (HP) and the United States Postal Service, among others.
