Wifatch Router Virus May Fight Malware

If there's such a thing as "ethical malware," the software security firm Symantec said it might have identified an example: a piece of code named Linux.Wifatch that has infected "tens of thousands" of routers but appears to work to protect those devices from different types of well-known, more damaging malware.

Wifatch was first described in November in a two-part post on a blog called "Loot Myself: Malware Analysis and Botnet tracking." It is a "sophisticated piece of code" that connects infected routers to a peer-to-peer network of other infected devices, according to Mario Ballano, a senior security response engineer at Symantec. Unlike other malware, however, Wifatch doesn't appear to be used for malicious purposes, he said.

Instead, the unusual malware apparently works to prevent further infections and sometimes even delivers a message telling device owners to change their Telnet passwords and/or update their firmware. The source code also contains a line of text famously used as an e-mail signature by software freedom activist and GNU Project founder Richard Stallman.

That text states, "To any NSA and FBI agents reading this: please consider whether defending the U.S. Constitution against all enemies, foreign or domestic, requires you to follow Snowden's example." Edward Snowden was a former government contractor who leaked classified information from the U.S. National Security Agency in 2013.

Like Something Out of a 'Hollywood Movie'

The Wifatch story "could well work as the script of a Hollywood movie or superhero comic," Ballano noted in an Oct. 1st post on Symantec's Security Response Blog.

Routers, along with a growing number of other networked household devices giving rise to the Internet of Things, "are becoming more interesting to cyber crooks" not because of the data they contain but because of their ability to connect to other devices and enable activities like distributed denial-of-service...
