A feeling of dread almost spread within IT departments, already very busy with the plugging of the Log4Shell flaw. In one tweet, the “vx-underground” account relays the discovery of a first worm using this terrible flaw as part of a Mirai botnet. That would have been bad news, because a worm is arguably the most dangerous genre of malware out there. Because it spreads automatically and, combined with the destructive power of Log4Shell, the consequences would have been serious.
Also to discover in video:
But fortunately, this is not true. The information spread by “vx-underground” is false, as researcher Marcus Hutchings has observed. “I reverse-engineered this alleged log4j worm and it doesn’t work at all (…) Besides, I wouldn’t call it a worm, because it doesn’t spread automatically (…) C ‘rather a distributed scan’, he explains on a series of tweets. However, that does not mean that there will never be a worm with Log4Shell. Caution remains in order.