Slashdot Mirror


Vigilante Malware Protects Routers Against Other Security Threats

Mickeycaskill writes: Researchers at Symantec have documented a piece of malware that infects routers and other connected devices, but instead of harming them, improves their security. Affected routers connect to a peer-to-peer network with other compromised devices, to distribute threat updates. 'Linux.Wifatch' makes no attempt to conceal itself and even left messages for users, urging them to change their passwords and update their firmware. Symantec estimates 'tens of thousands' of devices are affected and warns that despite Wifatch's seemingly philanthropic intentions, it should be treated with caution.

"It should be made clear that Linux.Wifatch is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware," said Symantec. "It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions." There is one simple solution to rid yourself of the malware though: reset your device


  1. Misnomer by Anonymous Coward · · Score: 2

    I would call that palware and not malware.

    1. Re:Misnomer by Anonymous Coward · · Score: 4, Insightful

      No. It's whitehat.

      If you're dumber than a sack of hammers and never update your router to fix security problems with its firmware, then this worm (not malware, just a software worm) fixes it for you to prevent some other exploit from doing far, far worse.

      Grayhat is when it also MITM's your https sessions to steal financial details.

      Admittedly, we don't know if this particular worm is whitehat or grayhat yet. We do know for certain that it isn't pure blackhat. And that was pretty much what Symantec said, but in srsbsnss corporate terms.

    2. Re:Misnomer by TWX · · Score: 3, Informative

      I need proof that it effectively removes or disables itself once it's on there and has no possibility of later command-and-control and could not be directly co-opted by someone with bad intentions before I would call it white-hat. History is loaded with examples where someone or something appeared altruistic but turned out to be sinister in the end.

      --
      Do not look into laser with remaining eye.

    3. Re:Misnomer by fredgiblet · · Score: 2

      Nope, Microsoft released a version for Windows called Windows 10 though.

  2. How is it malware then? by hyperar · · Score: 5, Insightful

    Is doing good things, that's not malware.

    1. Re:How is it malware then? by Anonymous Coward · · Score: 4, Informative

      "It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions."

      Patching systems or not, creating new backdoors really doesn't make it "doing good things."

    2. Re:How is it malware then? by OzPeter · · Score: 4, Insightful

      Is doing good things, that's not malware.

      If I walk into your house through the unlocked front door while you are not home, does it protect me from trespassing charges if while I am there I made your bed and did your dishes?

      --
      I am Slashdot. Are you Slashdot as well?

    3. Re:How is it malware then? by Krishnoid · · Score: 4, Funny

      Exactly how many dishes and how long have they been sitting in the sink?

    4. Re:How is it malware then? by Minwee · · Score: 2

      How do you know that it's doing good things?

      And even if it did good things for someone else, how would you know that it was still doing good things by the time it hit your router?

    5. Re:How is it malware then? by Minwee · · Score: 3, Funny

      Sure thing. Just post your address here along with the times when you will be out of the house with the doors unlocked and I assure you that everything will be cleaned out by the end of the day.

      Up. I meant up. You can totally trust me on that. Have I ever lied to you before?

    6. Re:How is it malware then? by Irate Engineer · · Score: 2

      What a deal! My address is One Schroeder Plaza, Boston, MA 02120. I won't be around for a while, but you can go right in any time day or night.

      Bring doughnuts

      --

      Left MS Windows for Linux Mint and never looked back!

      Vote for Bernie in 2016!

  3. Finally! by Lab Rat Jason · · Score: 4, Insightful

    This. Is. Awesome!

    Finally someone has decided to return to the roots of hacking... making something change just to see the change happen!

    --
    Which has more power: the hammer, or the anvil?

  4. Let it be christen by megavlad · · Score: 2

    This type of virus-like good-guy software shall hereby be known as: Rogueware

    Rogueware: A stealth cyber agent which defends crapware.

  5. Symantec infects a device with a user's consent. by tlambert · · Score: 4, Informative

    It should be made clear that Symantec is a piece of code that infects a device /with/ user consent and in that regard is the same as any other piece of malware that is installed via a phishing attack.

  6. jailbreakme.com by tlambert · · Score: 4, Informative

    The original iPhone jailbreaking site, "jailbreakme.com", used the tiff library exploit to install the installer, and then patched the tiff exploit behind itself to prevent it being used for any other (nefarious) purpose, so this type of thing is not a unique or even new idea.

  7. defend the IO tower! by Thud457 · · Score: 2

    His name is TRON, he fights for the Users.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  8. Fixing vulnerabilities is pretty common in malware by DougOtto · · Score: 3, Interesting

    Lots of malware actually does close security holes, after exploiting the device. If you've worked very hard (or shelled out large amounts of cash) for a working zero day, the last thing you want is some other asshole compromising your hacked system and screwing up your back door.

    --
    Solving Unix problems since 1989...

  9. Hmmmmm by JustAnotherOldGuy · · Score: 2

    This....makes me uneasy.

    It appears to be benign (or even helpful) but this is a slippery slope...and I can see all sorts of things that can go wrong here.

    I want to root for the good guys here (pun intended, heh!) but I don't know...anything that fiddles with my PC or server without my explicit, informed consent and permission just doesn't sit well with me.

    It sort of reminds me of the viruses that infect your PC and then disable any competing viruses it finds, so it has your PC all to itself. It doesn't do it for benevolent reasons, it does it because it's greedy and doesn't want to share.

    So I dunno. I can't say as I like it, and I can't say as I don't. Major conflicted feelings here.

    --
    Just cruising through this digital world at 33 1/3 rpm...