Routers are among the liabilities of Internet security, often being the victim of malware infections. Infected routers can power up distributed denial of services attacks (DDoS), leading to the crumbling of firewalls under cyber attacks.

However, an unconventional malware called Linux.Wifatch was reported on Oct. 1, and it does the exact opposite. Not only does it get rid of malicious software, but it also inspires users to update their firmware and passwords.

Mario Ballano, researcher at security behemoth Symantec, stated that the author of the Wifatch could be a "vigilante," a white hat one. More clues point to this conclusion, especially due to the comments that are so transparently left in the affected routers' code.

"To any NSA and FBI agents reading my email: please consider whether defending the U.S. Constitution against all enemies, foreign or domestic, requires you to follow Snowden's example," a comment in the source code quotes Richard Stallman, software freedom advocate. It is plainly readable in the code of Wifatch-touched routers.

Symantec reports the Wifatch software is now present in at least 10,000 routers operating on Linux. It runs across a peer-to-peer network and scans Telnet ports that are vulnerable, shutting down the sensitive ones.

After that, it kindly asks users to modify their passwords and update the router's firmware then uses its custom created module to eliminate "well-known families of malware targeting embedded devices."

It appears that the person or group behind Linux.Wifatch does not belong to either Anonymous or LulzSec. The two established hacktivist groups approach Internet security in opposite ways: while Anonymous showcases its work by aggressive action, LulzSec limits itself to exposing the breaches it discovers. The constructive endeavor of Wifatch puts its coders in an entirely different arena.

However, security experts remind that the software is still performing illegal action by infecting machines without consent from their owners.

"Whether the author's intentions were to use their creation for the good of other IoT users—vigilante style—or whether their intentions were more malicious remains to be seen," Ballano pointed out. He concluded that the code in the Linux.Wifatch is interesting.

Violating systems as a path to remediation, however, is not right, advises Ted Harrington, an IoT security expert from Independent Security Evaluators.

A reset of the router deletes the software entirely, Internet safety analysts say.

Photo: Martin McKeay | Flickr

ⓒ 2021 All rights reserved. Do not reproduce without permission.