Hajime is the name of a malware — a worm — that is currently infecting thousands of devices connected to the public Internet. The worm mainly targets digital video recorders (DVRs), webcams and routers. According to researchers at Kaspersky Lab, more than 300,000 devices have already been infected world-wide. The worm is unique in several ways, one of them being that nobody seems to know what its purpose is.

Reading up on the subject is quite interesting and reveals how security experts go about to hunt malware. Like explorers in the rain forest looking for new species and placing traps, security experts place so-called honeypots, special computer systems intended to attract malicious activity for information-gathering purposes. When, at the end of Octobre 2016, they were hunting the Mirai worm, they accidentally caught something unknown, and baptised it ‘Hajime’ (‘beginning’ in Japanese, ‘Mirai’ being Japanese for ‘future’).

The Hajime worm spreads itself by using infected systems to attack others, there is no central server. It targets insecure systems running Linux using a two-phase attack. After gaining access through Telnet, the worm first uploads and executes a small program to establish a good connection to the attacking host, and then downloads the files needed to add itself to the malicious peer-to-peer (P2P) network and turn into an attacker. The P2P network is based on protocols used in BitTorrent.

To avoid getting infected, the classic security rules apply, and especially the one that says: change the default password!

Image: public domain