Good news, you have a virus!
Cyber criminals are beginning to take an increased interest in home routers and the Internet of Things (IoT) market as a whole. It's not that there's a lot of personal data sitting on such devices, but the allure of controlling all these Internet-connected gadgets is what's of interest, especially when plotting a distributed denial-of-service (DDoS) attack. However, a newly discovered virus that's taken residence on thousands of routers may have your best interest in mind.
Security firm Symantec is calling the virus Linus.Wifatch (just Wifatch from here on out). It first came to light in 2014 when a security researcher noticed some unusual activity on his home router. After doing some digging, he discover a rather sophisticated piece of code that turned his router into a zombie connected to a P2P network of infected devices.
Symantec did some digging of its own and found that much of Wifacth's code is written in Perl. It targets several architectures and ships its own static Perl interpreter to each one. Once a device is infected, it connects to a P2P network that distributes threat updates.
"The further we dug into Wifatch’s code the more we had the feeling that there was something unusual about this threat. For all intents and purposes, it appeared like the author was trying to secure infected devices instead of using them for malicious activities," Symantec explains.
Symantec hasn't found a shred of evidence to suggest Wifatch is shipping payloads used for malicious purposes, like DDoS attacks. Just the opposite, it appears that Wifatch is making routers more secure, both by blocking outside hacks and attempting to remove any existing malware it finds.
So it appears there's a vigilante hacker out there, a geek version of Batman, if you will. However, Symantec notes that even though Wifatch appears to be making routers more secure, it's still being installed without consent. It also contains several backdoors that the author could use for malicious purposes, if desired.
"Whether the author’s intentions were to use their creation for the good of other IoT users—vigilante style—or whether their intentions were more malicious remains to be seen," Symantec says.
Follow Paul on Google+, Twitter, and Facebook
From maximumpc
from http://bit.ly/1jDugip
