Like many internet worms, the Hajime malware has a lifecycle. A Hajime infection begins when a node already in the Hajime network, scanning random IPv4 addresses on the public internet, discovers a device that accepts connections on TCP port 23, the designated port for the Telnet service. The attacking Hajime node attempts several username and password combinations from its hardcoded list of credentials and, upon being granted entry, examines the target system and begins its infection in stages. The first stage is a small, short-lived file-transfer program which connects back to the attacking node and copies down a much larger download program. The download program, the second stage, joins a peer-to-peer decentralized network and retrieves its configuration and a scanning program. The scanning program searches the public internet for more vulnerable systems to infect, thus continuing the lifecycle.
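
Seen from the defender's side, the lifecycle above leaves an ordered trail for each infected device: repeated Telnet login failures ending in a success, a connection back to the same source, then outbound Telnet fan-out. The following Python correlation is an added example, not part of the original article; the event format, addresses, port 40000 and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events, not a real capture: (time_s, kind, src, dst, dport).
# "auth_fail"/"auth_ok" are Telnet login results logged for dst; "conn" is a new TCP flow.
# All addresses, the port 40000 and the timings are made up for illustration.
EVENTS = (
    [(100 + i, "auth_fail", "203.0.113.7", "192.0.2.10", 23) for i in range(3)]
    + [(103, "auth_ok", "203.0.113.7", "192.0.2.10", 23),
       (110, "conn", "192.0.2.10", "203.0.113.7", 40000),  # device dials back to its attacker
       (50, "auth_fail", "192.0.2.99", "192.0.2.20", 23),  # admin typo, then a normal login
       (55, "auth_ok", "192.0.2.99", "192.0.2.20", 23)]
    + [(300 + i, "conn", "192.0.2.10", f"198.51.100.{i}", 23) for i in range(1, 13)]
)

LOGIN, CALLBACK, SCAN = "guessed-credential login", "connect-back to attacker", "outbound Telnet scanning"

def correlate(events, min_fails=3, callback_window=60, scan_targets=10):
    """Return {device: furthest lifecycle stage observed}; thresholds are assumptions."""
    fails = defaultdict(int)     # (source, device) -> failed Telnet logins so far
    breached = {}                # device -> (attacker, time of the successful login)
    scanned = defaultdict(set)   # device -> distinct outbound TCP/23 destinations
    stage = {}
    for ts, kind, src, dst, dport in sorted(events):
        if kind == "auth_fail" and dport == 23:
            fails[(src, dst)] += 1
        elif kind == "auth_ok" and dport == 23 and fails[(src, dst)] >= min_fails:
            breached.setdefault(dst, (src, ts))
            stage.setdefault(dst, LOGIN)
        elif kind == "conn" and src in breached:
            attacker, t0 = breached[src]
            if dst == attacker and ts - t0 <= callback_window and stage[src] == LOGIN:
                stage[src] = CALLBACK
            elif dport == 23 and stage[src] != LOGIN:
                # Only count fan-out once the connect-back has been seen.
                scanned[src].add(dst)
                if len(scanned[src]) >= scan_targets:
                    stage[src] = SCAN
    return stage

if __name__ == "__main__":
    for device, furthest in correlate(EVENTS).items():
        print(device, "->", furthest)
```

A device that reaches the connect-back stage is worth isolating before the fan-out begins; the administrator login on 192.0.2.20 never enters the result because it stays below the failure threshold.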
