A new Internet of Things (IoT) bricking worm — malware designed to permanently disable the hardware it infects — is hitting Linux-based devices, and it appears the culprit responsible for the attack is 14 years old.
The new software, dubbed "Silex," is scanning the Internet for Linux systems deployed with default admin credentials. Once it finds such a system, it overwrites all of the system's storage with random data, drops its firewall rules, removes its network configuration, and then restarts the system — effectively rendering the device useless.
Discovered by Larry Cashdollar, a vulnerability researcher and member of Akamai's Security Incident Response Team, the software is purely destructive; it captures no data and asks for no ransom. Researcher Ankit Anubhav traced the malware back to its origins and found the developer, who uses the online name "Light Leafon." According to Anubhav, the malware's author says that additional destructive capabilities are planned for future Silex variants.
More than 2,000 systems have already been damaged by Silex, which is not technically limited to IoT devices. It could attack any Internet-facing Linux system that has open telnet ports and default admin credentials. Other researchers have noted that the command-and-control servers for Silex have IP addresses linked to Iran, leading some to speculate that political, as well as simply destructive, aims are behind its release.