Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vigilante Malware Protects Routers Against Other Security Threats

Posted by Soulskill on from the cybersecurity-gets-weird dept.

Mickeycaskill writes: Researchers at Symantec have documented a piece of malware that infects routers and other connected devices, but instead of harming them, improves their security. Affected routers connect to a peer-to-peer network with other compromised devices, to distribute threat updates. 'Linux.Wifatch' makes no attempt to conceal itself and even left messages for users, urging them to change their passwords and update their firmware. Symantec estimates 'tens of thousands' of devices are affected and warns that despite Wifatch's seemingly philanthropic intentions, it should be treated with caution.

"It should be made clear that Linux.Wifatch is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware," said Symantec. "It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions." There is one simple solution to rid yourself of the malware though: reset your device

4 of 79 comments (clear)

  1. Re:How is it malware then? by Anonymous Coward · · Score: 4, Informative

    "It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions."

    Patching systems or not, creating new backdoors really doesn't make it "doing good things."

  2. Symantec infects a device with a user's consent. by tlambert · · Score: 4, Informative

    It should be made clear that Symantec is a piece of code that infects a device /with/ user consent and in that regard is the same as any other piece of malware that is installed via a phishing attack.

  3. jailbreakme.com by tlambert · · Score: 4, Informative

    The original iPhone jailbreaking site, "jailbreakme.com", used the tiff library exploit to install the installer, and then patched the tiff exploit behind itself to prevent it being used for any other (nefarious) purpose, so this type of thing is not a unique or even new idea.

  4. Re:Misnomer by TWX · · Score: 3, Informative

    I need proof that it effectively removes or disables itself once it's on there and has no possibility of later command-and-control and could not be directly co-opted by someone with bad intentions before I would call it white-hat. History is loaded with examples where someone or something appeared altruistic but turned out to be sinister in the end.

    --
    Do not look into laser with remaining eye.