IoT Malware Strains Mirai and Hajime Compete Over Resources

Internet of Things malware is nothing new under the sun these days. Most companies and consumers are well aware of the Mirai botnet, which has been terrorizing IoT devices for some time now. However, it appears we have a good “war of the botnets” on our hands right now, as the Hajime IoT botnet is looking to make quite the impact over the coming weeks.

Hajime Wants To Square off Against Mirai

Botnets competing with one another to cause as much damage as possible to Internet of Things devices is not a positive development by any means. Although the Hajime botnet is allegedly designed by a white hat hacker, it is quite interesting to see how it plans to take on Mirai in the coming months. In fact, it appears botnets can also be used for doing good, which seemed virtually impossible up until this point. Then again, technology is not inherently good or bad, but the people who use it may have good or nefarious intentions.

It seems obvious Hajime and Mirai will go toe-to-toe sooner or later. Whereas Hajime looks to secure Internet of Things devices, Mirai is designed to cause havoc and enslave these devices for future DDoS attacks, among other purposes. With millions of devices around the world vulnerable to these types of malware attacks, it will be interesting to see which botnet can claim victory over the other as more time progresses.

While it is commendable to see a white hat hacker design a botnet more than capable of handling Mirai, it remains to be seen what the creator’s true intentions are. Security experts are convinced this is the work of a “vigilante white hat hacker”. Albeit he or she has not come forward at this time. Moreover, it appears Hajime uses a similar approach as we have seen from Mirai, by infecting unsecured IoT devices. However, there is a big difference between the two botnets, which should not be overlooked by any means.

It is quite refreshing to see Hajime has no malicious functionality whatsoever. That does not mean the malware remains dormant once it has successfully penetrated an IoT device, though. However, it seems to be closing off vulnerable ports and other security holes exploited by the Mirai botnet. That in itself is quite an intriguing approach, which will hopefully reduce Mirai’s chances of success in the future. It is unclear if Hajime can nullify a Mirai threat for devices already infected with the nefarious botnet, though.

Another major difference between Mirai and Hajime is how the latter does not use a central command-and-control server. Instead, the malware makes use of a peer-to-peer architecture to send commands to its bots. This communication includes configuration and software updates, according to a thorough analysis of this “good” malware by the Rapidity Networks team. The malware is actively spreading itself across the internet over the BitTorrent DHT protocol. So far, this approach seems to work just fine, although Hajime still has a long road ahead.

The only way to successfully shut down threats such as IoT botnet malware is by competing for the same resources. Hajime is doing quite a good job in this regard, although playing catch-up is never fun. It is not the first time vigilante malware is created, though, as a similar type of “good” IoT malware was first discovered back in 2015 under the name off Wifatch. While these efforts are designed to keep devices safe, collateral damage can’t always be avoided either.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.