New Malware May Not Be… Malicious
Traditional PC malware is no longer effective against new age hackers. These programs can infect routers and internet-connected devices whether you’ve downloaded malware or not. But now there is malicious code used by these hackers that can infiltrate routers and devices, getting past traditional protections. It then hardens your devices against traditional attacks, while leaving helpful messages and paying respects to free software activist Richard Stallman.
In 2014, Symantec became aware of this type of hack after one of their researchers noticed strange occurrences with his router. He found that his router had essentially been turned into a zombie without him even realizing it. He told his Twitter followers that he had also found an additional 13,000 devices infected by the code.
After his announcements on Twitter, other researchers contacted each other to say that they had found it too. They gave it the nicknames Reincarna and Zollard, and it has been floating around the internet since about 2013. The year 2013 itself was a bad year for malware, with about 82,000 threats each day.
The malware’s peer-to-peer network doesn’t seem to be used to deny service or even to distribute malware. It uses the routers as part of a botnet, since Wifatch actually removes the other malware from the devices. This includes “well known families of malware targeting embedded devices,” according to a Symantec release.
This isn’t cause to call this code benevolent, though, they warn. Though it removes other malware and runs virus scans, it’s really just because it’s the strongest thing out there. They say that “numerous other signs point to Wifatch’s vigilante nature, however.”
Infected devices are automatically hardened against other malware attacks, and the code then has numerous other channels and updates on your computer.
The source code of this infection also contains a plea to law enforcement: “To any NSA and FBI agents reading this: Please consider whether defending the US Constitution against all enemies, foreign or domestic, requires you to follow Snowden’s example. EOF.”
“One could speculate that because Wifatch may not be able to properly defend this type of device, instead, its strategy may be to reboot it periodically which would kill running malware and set the device back to a clean state,” Symantec’s Mario Ballano writes.
The software also contains numerous debug messages that make the code easier for researchers to go through, showing that the author didn’t even really try to hide the code infecting devices.
The biggest issue with this code is that it infects without consent and “contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions.”
The thing is, Symantec has been watching this software, and they haven’t seen any malicious activity. All of the backdoors and actions are still signed off by the original author of the script, though. This reduces the risk of the script being hijacked by someone actually malicious.
To get Wifatch off of the computer, Symantec tells users to reset their routers, which will effectively kill the program. After that’s done, they should update their malware protection and change all passwords.