- Over 2,000 devices taken down in the span of a few hours
- Attacks are apparently being carried out from an Iranian server
- Hacker planning to add even more destructive functions to the malware
A new IoT worm called Silex, which began operating on Tuesday, has reportedly disabled over 2,000 devices in the span of a few hours.
It was Akamai researcher Larry Cashdollar who first spotted the malware. He told ZDNet that Silex works by trashing an IoT device’s storage, dropping firewall rules, removing the network configuration and then halting the device.
“It’s targeting any Unix-like system with default login credentials,” Cashdollar was quoted as saying.
To recover from the attack, victims must manually reinstall the device’s firmware, which, according to the ZDNet report, is a complicated task.
Cashdollar said that Silex could even take down Linux servers that were badly configured.
Some of the attacks were apparently carried out from novinvps.com, which is based in Iran.
Who’s responsible for this destructive malware?
As per ZDNet’s report, the malware’s creator is a 14-year-old who calls himself “Light Leafon.”
With the help of NewSky Security researcher Ankit Anubhav, ZDNet contacted the hacker. Anubhav had contacted Leafon before, when Leafon released a precursor to Silex called HITO that attacked IoT devices last month.
Leafon has revealed that he has plans to develop the malware further and add even more destructive functions.
“It will be reworked to have the original BrickerBot functionality,” Leafon told Anubhav and ZDNet.
Plans include adding the ability to log into devices via SSH, besides the current Telnet hijacking capability. Further, Light also plans to incorporate exploits into Silex, giving the malware the ability to use vulnerabilities to break into devices, similar to how most IoT botnets operate today.
“My friend Skiddy and I are going to rework the whole bot. It is going to target every single publicly known exploit that Mirai or Qbot load,” he was quoted as saying.
Back in 2017, the old BrickerBot malware destroyed over ten million IoT devices. Its creator, known by the pseudonym the Janit0r, launched the attacks as a form of protest against owners of smart devices that, at the time, were constantly getting infected with the Mirai DDoS malware.