Is this IoT malware acting for the greater good?


Malware is rarely in the news for the right reasons yet a new variant may well be patching up security flaws on the Internet of Things front.

First reported by Symantec, the Linux.Wifatch might be taking the fight to cyber criminals by secretly helping out unsuspecting users, however, the security specialists are still not entirely convinced that this can actually be true.

The far-fetched malware was first spotted back in 2014 when a security researcher noticed something weird happening on his home router. He found processes that weren't part of the device's legitimate software and looked into it further. What he found was something that turned the router into a virtual zombie connected to a peer-to-peer (P2P) network of other infected devices.

Symantec's involvement

Knowing this, Symantec got to work and found the Wifatch code is written in the Perl programming language and targets several architectures and uses a static Perl interpreter with each one. When infected it connects to a P2P network that distributes threat updates and it was upon further inspection that things got even weirder.

"Wifatch not only tries to prevent further access by killing the legitimate Telnet daemon, it also leaves a message in its place telling device owners to change passwords and update the firmware," Symantec said.

The security firm did go on to say that even though it does genuinely seem to be doing some good, the fact remains that it has exploited a device without the express consent of the user.

On a tight leash

"Despite the previously listed actions, it should be made clear that Linux.Wifatch is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware," Symantec added.

Symantec is keeping a particularly close eye on the malware and is advising those that are infected to reset devices immediately as well as keep both device firmware and software updated on a regular basis.