Remember when a bunch of your favorite websites didn’t work? That was probably from a distributed denial-of-service attack orchestrated using the Mirai worm. And you may or may not know that this worm works it’s way through unsecured IoT devices, primarily web enabled security cameras.
Did you also know that there are two other worms that are out there that are trying to infect IoT devices using the same vectors as Mirai in an attempt to block Mirai from being spread?
Hajime worm spreads the same way as Mirai, but when it infects a vulnerable IoT device, it is supposed to secure the device against Mirai and then try to spread itself. Interestingly, it’s allegedly more sophisticated because it uses a peer-to-peer method of being controlled instead of having a single command-and-control server to phone home to, which makes it more robust. Theoretically, it could spread under the guise of being benevolent or benign and then have the switch flipped to behave differently.
BrickerBot is the other competing worm. The alleged author claims that it was written with similar goals as Hajime, to prevent the spread of Mirai. However, Hajime’s failing is that it doesn’t effect the firmware of its infected device, which means if the IoT device is rebooted, it loses anything that it might have gained from Hajime. (Also of note, this is how most people who know they’ve got a device infected by Mirai clear it of the infection, just turning it off and on again. But, apparently Mirai is so rampant that a re-infection of that device is pretty much guaranteed to happen again within hours, not days.) BrickerBot takes a different approach by permanently damaging the firmware of the devices so that it never ever works again.