Symantec is reporting on Linux.Wifatch
The company suggests that it might be a "good guy" type of internet threat, one that wants to solve problems with the Internet of Things.
I know that this sounds a little strange, and not like your usual computer infection. It’s like a cyber Batman helping people out. Symantec thinks it sounds like the stuff of Hollywood, and admits that Linux.Wifatch is an unlikely proposition.
Symantec is quoted as saying, “We first heard of Wifatch back in 2014, when an independent security researcher noticed something unusual happening on his home router.”
See the tweet below:
The Linux/Wifatch hasn’t been caught doing anything bad. No malicious modules. Batman? #VB2015 -> keeping the devices safe from bad guys…?
— Claus Cramon Houmann (@ClausHoumann) October 1, 2015
“At first sight there was nothing unusual about it. As part of Symantec’s efforts to identify malware targeting embedded devices we run a large network of honeypots that collect many samples, and Wifatch seemed to be just another of these threats.
“However, after a closer look, this particular piece of code looked somewhat more sophisticated than the average embedded threat we usually spot in the wild.”
The malware is unusual in that it appears to be doing something good. Symantec dug into the code and found evidence of beneficial behaviour, adding that the code gives the impression that its author is working on the side of good.
“Once a device is infected with Wifatch, it connects to a peer-to-peer network that is used to distribute threat updates,” said Symantec in a post on the Security Response Blog.
“The further we dug into Wifatch’s code the more we had the feeling that there was something unusual about this threat. For all intents and purposes it appeared like the author was trying to secure infected devices instead of using them for malicious activities.”
The firm has tracked the malware for a few months, and has “yet to observe” any malicious actions being carried out. Symantec has, however, found evidence of clean-up work including remediation against the Telnet daemon.
“Wifatch not only tries to prevent further access by killing the legitimate Telnet daemon, it leaves a message in its place telling device owners to change passwords and update the firmware,” said the post.