Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vigilante Malware Protects Routers Against Other Security Threats

Posted by Soulskill on from the cybersecurity-gets-weird dept.

Mickeycaskill writes: Researchers at Symantec have documented a piece of malware that infects routers and other connected devices, but instead of harming them, improves their security. Affected routers connect to a peer-to-peer network with other compromised devices, to distribute threat updates. 'Linux.Wifatch' makes no attempt to conceal itself and even left messages for users, urging them to change their passwords and update their firmware. Symantec estimates 'tens of thousands' of devices are affected and warns that despite Wifatch's seemingly philanthropic intentions, it should be treated with caution.

"It should be made clear that Linux.Wifatch is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware," said Symantec. "It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions." There is one simple solution to rid yourself of the malware though: reset your device

4 of 79 comments (clear)

  1. How is it malware then? by hyperar · · Score: 5, Insightful

    Is doing good things, that's not malware.

    1. Re:How is it malware then? by OzPeter · · Score: 4, Insightful

      Is doing good things, that's not malware.

      If I walk into your house through the unlocked front door while you are not home, does it protect me from trespassing charges if while I am there I made your bed and did your dishes?

      --
      I am Slashdot. Are you Slashdot as well?
  2. Finally! by Lab+Rat+Jason · · Score: 4, Insightful

    This. Is. Awesome!

    Finally someone has decided to return to the roots of hacking... making something change just to see the change happen!

    --
    Which has more power: the hammer, or the anvil?
  3. Re:Misnomer by Anonymous Coward · · Score: 4, Insightful

    No. It's whitehat.

    If you're dumber than a sack of hammers and never update your router to fix security problems with its firmware, then this worm (not malware, just a software worm) fixes it for you to prevent some other exploit from doing far, far worse.

    Grayhat is when it also MITM's your https sessions to steal financial details.

    Admittedly, we don't know if this particular worm is whitehat or grayhat yet. We do know for certain that it isn't pure blackhat. And that was pretty much what Symantec said, but in srsbsnss corporate terms.