‘Vigilante’ Malware Protects Routers Against Security Threats

Another, dropped as a comment in the source code, repeats a statement from free-software icon Richard Stallman: “To any NSA or Federal Bureau of Investigation agents reading this: please consider whether defending the USA constitution against all enemies, foreign or domestic, requires you to follow Snowden’s example”.


Security giant Symantec has discovered a new piece of vigilante malware that behaves like most other malware: it infects a vulnerable device, remains undetected while operating, and actively updates itself over a peer-to-peer (P2P) network. Symantec said that “tens of thousands” of gadgets were harbouring Wifatch.

A benevolent virus has been used to harden more than 10,000 home routers against cyber-attacks, says a security firm. Instead of harming the compromised router and the computers on its network, Wifatch secures the router by safeguarding it from other malware. Such infections are also hard to detect, so they can go unnoticed for long periods of time.

Instead of stealing your credit card or doing anything malicious at all, a highly virulent piece of malware, recently uncovered by security researchers at Symantec, actually defends your machine against hackers and even remedies other malware infections.

As part of its efforts to track emerging malware threats, Symantec operates a large network of so-called honeypots to collect samples of code from the wild and observe how they work in action. “It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions”, Ballano adds. “It looks like the author wasn’t particularly anxious about others being able to inspect the code”, he said.

Currently, after infecting IoT devices, Wifatch starts performing a series of good-will gestures like shutting down Telnet access, updating the firmware, and sometimes leaving a message in the admin console, asking the device’s legitimate owner to change their password to a more secure one.

Symantec is keeping a particularly close eye on the malware and is advising owners of infected devices to reset them immediately and to keep both device firmware and software updated on a regular basis.

According to Symantec, 32 percent of the affected devices are located in China, 16 percent in Brazil, nine percent in Mexico and India, seven percent in Turkey, Italy and Vietnam, five percent in the USA and the Republic of Korea, and three percent in Poland.


“There is no doubt that Linux.Wifatch is an interesting piece of code”, Ballano said. “Whether the author’s intentions were to use their creation for the good of other IoT users – vigilante style – or whether their intentions were more malicious remains to be seen”, Ballano stressed.
