Question
Now there’s Hajime: a worm that may have been designed to immunize your possessions against Mirai. Mirai is a virulent worm that co-opts devices on the so-called “Internet of Things” and uses unsecured devices for its controllers’ nefarious purposes. It does this by attacking vulnerabilities in out-of-date device firmware, allowing the malicious code to run HTTP requests. It includes a hard-coded list of “do not mess with” IP addresses, including some belonging to the Department of Defense and the US Postal Service — but anything else it can lay its grubby little digits on is fair game.
In October of 2016, reports surfaced of another worm targeting devices on the so-called “Internet of Things.” Since “mirai” is the Japanese word for “future,” Rapidity decided to name the newfound piece of malware “Hajime,” which in Japanese can
Based on time stamps and other characteristics in the code, its discoverers believe Hajime was active prior to the release of the Mirai botnet’s source code. Assuming the truth of these time stamps, it’s unlikely that Hajime contains any authentic Mirai source code. Hajime does use the same table of credentials Mirai uses to attempt to assert control over IoT-enabled devices, plus two. But otherwise, there’s little resemblance.
Hajime is based on the BitTorrent protocol and has no central command-and-control server. It’s more like a vaccine than a phage or virus, in that it doesn’t contain any DDoS capabilities, just the code for propagation. Hajime tries to gain access to IoT-enabled devices too. It sneaks in, covering its tracks.
Hajime uses a decentralized peer-to-peer network to issue commands and updates to infected devices. This design makes it more resistant to takedowns by ISPs and Internet backbone providers. Hajime uses the same list of user name and password combinations Mirai uses, with the addition of two more. It also takes steps to conceal its running processes and files, a feature that makes detecting infected systems more difficult. Most interesting of all: Hajime appears to be the brainchild of a grayhat hacker, as evidenced by a cryptographically signed message it displays every 10 minutes or so on terminals.
Another sign Hajime is a vigilante-style project intended to disrupt Mirai and similar IoT botnets: It blocks access to four ports known to be vectors used to attack many IoT devices. Hajime also lacks distributed denial-of-service capabilities or any other attacking code except for the propagation code that allows one infected device to seek out and infect other vulnerable devices.
Hajime isn't the first botnet to show signs its mission is to take out poorly secured Internet devices. Two weeks ago, researchers uncovered IoT malware they dubbed BrickerBot. BrickerBot gets its name because it attempts to damage routers and other Internet-connected appliances so badly that they become effectively inoperable, or "bricked." In 2015, researchers from security provider Symantec exposed Wifatch, a piece of Linux malware that works much the way Hajime does.
There's a temptation to applaud Hajime and its companions because they take aim at one of the great Internet scourges.
Aside from the long-term inefficacy of Hajime, the fact remains that what its designer is doing—surreptitiously installing a backdoor without permission on tens of thousands of devices—is both unethical and illegal in most jurisdictions around the world. For this reason, I'm characterizing it as a grayhat project rather than a whitehat one, as Grange and the Hajime developer do. Illegal as they are, Hajime and BrickerBot are understandable and possibly inevitable reactions to the proliferation of poorly secured IoT devices, a vexing problem that seems to only be getting worse.
Hajime targets embedded/Internet of Things (IoT) devices and spreads by scanning the public internet for devices running Telnet servers with insecure default credentials.
Like Mirai, Hajime is a worm, meaning it’s capable of infecting a device and then spreading to other devices in the network without any human intervention. Like Mirai, Hajime also targets IoT devices. It penetrates them by scanning open Telnet ports and then breaking in using default factory passwords.
Hajime has a couple of other features that are supposed to make it more effective than Mirai. For example, instead of using a centralized C&C (Command-and-Control) server for sending commands to its bots, Hajime uses a P2P (peer-to-peer) architecture. In this architecture, the bots themselves also serve as C&Cs.
To take down a botnet, you need to chop off its head by severing the C&C channel. Thus, Hajime’s network is more resilient than Mirai’s because it consists of multiple C&Cs (i.e., multiple heads to chop off) while the latter may only have one or two of them.
The Hajime botnet is constantly evolving, with the authors adding new features to make it even more stealthy and resilient as well as more effective at breaking into IoT devices.
Once it’s able to break into a device, Hajime tries to conceal its activities by hiding its running processes and accompanying files. It also enables attackers to open a remote shell over which they can issue commands.
With all these advanced features, you’d think Hajime would be all set to claim Mirai’s turf. It could, but strangely, the authors of Hajime don’t seem interested in doing that. Unlike Mirai, Hajime’s not equipped with DDoS (Distributed Denial-of-Service) capabilities. In fact, in its current form, it doesn’t seem to have any capabilities for attacking other systems (except of course the IoT devices it ensnares).
According to researchers, Hajime displays a cryptographically signed message on the terminals (if there are any) of ensnared devices. The message states: “Just a white hat, securing some systems. Important messages will be signed like this! Hajime Author. Contact CLOSED Stay sharp!”
Hajime does have a few weaknesses though. Like Mirai, Hajime only gets loaded in the device’s RAM. Thus, it lacks a persistence mechanism that would allow it to stay in the device indefinitely. As soon as the device is rebooted, it would automatically be free from the Hajime infection and those blocked ports would be open (and vulnerable to either a Mirai or Hajime infection) once again.
According to a new blog post analysis from Symantec Corporation, Hajime has been quickly spreading worldwide over the last few months, accumulating at least tens of thousands of bots since first being discovered and subsequently disclosed in October by researchers at Rapidity Networks.
Symantec has detected especially large clusters of infections in Brazil and Iran, whose native IoT devices represent 19 and 17 percent of total infections, respectively. (Thailand and Russia are third, with 11 percent of Hajime infections each.)
Based on its own honeypot network data, Rapidity Networks in October extrapolated that Hajime at the time was likely executing 260-370 billion infection attempts per day and had already successfully compromised somewhere between 130,000 and 185,000 devices.
Unlike Mirai, which has been used to mine bitcoins and launch high-bandwidth distributed denial of service attacks, Hajime appears to have no malicious functionality. Rather, it is built primarily to propagate itself, while also defending infected machines against Mirai-type attacks by closing off their open, vulnerable Telnet ports.
Hajime also displays a message on affected terminals approximately every 10 minutes, which reads: "Just a white hat, securing some systems. Important messages will be signed like this! Hajime Author. Contact CLOSED Stay sharp!" Such behavior, Symantec noted, suggests that Hajime may be the work of a white-hat hacker, perhaps looking to suppress Mirai's malicious handiwork. (In light of these revelations, SC Media has reached out to Rapidity Network for its own latest analysis on the malware.)
Although Hajime appears innocuous, and maybe even benevolent in nature, it is not without its concerns. Waylon Grange, senior malware researcher at Symantec (and author of his company's Hajime blog post) acknowledged in an interview with SC Media that there is currently "no hard evidence that Hajime is actually affecting Mirai" in terms of its size and scope.
Moreover, rebooting a device infected by Hajime would reopen its vulnerable ports again, leaving it susceptible once again to Mirai. "And so, we are left with embedded devices stuck in a sort of Groundhog Day time loop scenario," Grange wrote in the blog post. "One day a device may belong to the Mirai botnet, after the next reboot it could belong to Hajime, then the next any of the many other IoT malware/worms that are out there scanning for devices with hardcoded passwords. This cycle will continue with each reboot until the device is updated with a newer, more secure firmware."
And finally, Grange warned that a malware author's intentions can always change so long as he has backdoor control of a device or machine.
Rapidity Network gave Hajime its name because it is the Japanese word for "beginning," while Mirai is translated as "future." Both malware programs scan the Internet for IoT devices with open ports and vulnerable default passwords, but beyond this their differences become apparent.
For instance, Hajime propagates itself via a decentralized peer-to-peer network rather than a more traditional command-and-control model like its predecessor Mirai. "Hajime's... network is designed after some common peer-to-peer networks like those used by Bittorrent," Grange told SC Media. "This provides a large amount of redundancy," making takedowns more difficult to execute.
"In a typical botnet takedown, the idea is to take out the command-and-control server. Without it, the botnet won't know where to get commands from," Grange continued. "In a peer-to-peer network all the peers get their information from connecting to each other, [so] there is no central place to hit to bring it down. The controller simply selects from random one node, passes it the message... and tells it to spread the word."
In his blog post, Grange also noted that Hajime is stealthier than Mirai because it takes measures to conceal its processes and hide its files.
Furthermore, Hajime's author "can open a shell script to any infected machine in the network at any time, and the code is modular, so new capabilities can be added on the fly," Grange wrote. "It is apparent from the code that a fair amount of development time went into designing this worm."
Grange told SC Media that Hajime and Mirai infect many of the same kinds of IoT devices, with a few notable exceptions. "Mirai targets some processor types that Hajime doesn't -- namely ppc, sh4, sparc, and x86 processors. It's unclear why Hajime doesn't target those devices," said Grange. "[An] earlier version of Hajime did have an x64 build but that seems to have fallen off in the most recent version of the malware."
Write up a COMPLETE SYNOPSIS of the malware in your own words , what it does, how it works, etc. and where it did damage
Explanation / Answer
Answer:
There are two worms: Hajime and Mirai. “Mirai” is the Japanese word for “future.” Hajime is based on the BitTorrent protocol and has no central command-and-control server.
Hajime and mirai:
Hajime is a worm that may have been designed to immunize your possessions against Mirai.
Hajime uses a decentralized peer-to-peer network to issue commands and updates to infected devices. Hajime tries to gain access to IoT-enabled devices too. It sneaks in, covering its tracks. Hajime uses the same list of user name and password combinations Mirai uses, with the addition of two more.
Hajime targets embedded/Internet of Things (IoT) devices and spreads by scanning the public internet for devices running Telnet servers with insecure default credentials.
Like Mirai, Hajime is a worm, meaning it’s capable of infecting a device and then spreading to other devices in the network without any human intervention. Like Mirai, Hajime also targets IoT devices. It penetrates them by scanning open Telnet ports and then breaking in using default factory passwords.
Hajime uses a P2P (peer-to-peer) architecture, and Mirai uses a centralized C&C (Command-and-Control) server for sending commands.
Grange noted that Hajime is stealthier than Mirai because it takes measures to conceal its processes and hide its files. Grange told SC Media that Hajime and Mirai infect many of the same kinds of IoT devices, with a few notable exceptions.
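As an added illustration of the takedown argument made in the question and answer above (a centralized C&C has one head to chop off, a peer-to-peer overlay has many), here is a small reachability model. It is not code from the original post, from Hajime or Mirai, or from any researcher quoted; the botnet sizes, peer counts and 30% takedown figure are constructed assumptions, not measurements.

```python
"""Toy reachability model of the post's takedown argument: a centralized botnet
goes silent once its C&C is removed, a P2P overlay keeps relaying via survivors.
Added illustration only; not code from Hajime, Mirai or any cited researcher."""
import random
from collections import deque

def build_centralized(n_bots):
    """Star topology: node 0 is the lone C&C server, bots 1..n talk only to it."""
    return {0: set(range(1, n_bots + 1)), **{i: {0} for i in range(1, n_bots + 1)}}

def build_p2p(n_bots, peers_per_bot, seed=1):
    """Overlay where every bot keeps a small random peer list (DHT-like)."""
    rng = random.Random(seed)
    graph = {i: set() for i in range(n_bots)}
    for i in graph:
        for j in rng.sample([k for k in graph if k != i], peers_per_bot):
            graph[i].add(j)
            graph[j].add(i)
    return graph

def fraction_reached(graph, removed, entry):
    """Share of surviving nodes that hear a command flooded from `entry`."""
    alive = set(graph) - set(removed)
    if entry not in alive:
        return 0.0
    seen, queue = {entry}, deque([entry])
    while queue:
        for peer in graph[queue.popleft()]:
            if peer in alive and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return len(seen) / len(alive)

def best_entry(graph, removed):
    """Surviving node with the most live peers; the controller may start anywhere."""
    alive = set(graph) - set(removed)
    return max(alive, key=lambda n: len(graph[n] & alive))

def takedown_demo(n_bots=200, peers_per_bot=4, seed=1):
    """Compare both designs before and after a takedown (constructed sizes)."""
    star, mesh = build_centralized(n_bots), build_p2p(n_bots, peers_per_bot, seed)
    # Severing the star costs one node; against the mesh we knock out 30% of bots.
    dead_peers = set(random.Random(seed).sample(range(n_bots), int(0.3 * n_bots)))
    return {
        "star_before": fraction_reached(star, set(), 0),
        "star_after": fraction_reached(star, {0}, 0),
        "mesh_before": fraction_reached(mesh, set(), best_entry(mesh, set())),
        "mesh_after": fraction_reached(mesh, dead_peers, best_entry(mesh, dead_peers)),
    }
```

The star drops to zero reach after one removal, while the mesh still reaches the large majority of survivors after losing 30% of its nodes, which is why the post concludes that the cycle only ends when devices get patched firmware rather than when any one server is taken down.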