Some 10,000 routers found to have been hacked by someone in order to increase their security


By Peter Dahlgren

Malware that has infiltrated a user's network often uses the user's router to launch further attacks after the intrusion. However, Symantec has discovered that the malware Linux.Wifatch, while infecting 10,000 routers running Linux, appears to act to increase the security of the devices rather than misuse them.

Is there an Internet-of-Things vigilante out there? | Symantec Connect Community
http://www.symantec.com/connect/blogs/there-internet-things-vigilante-out-there

Someone Has Hacked 10,000 Home Routers To Make Them More Secure - Forbes
http://www.forbes.com/sites/thomasbrewster/2015/10/01/vigilante-malware-makes-you-safer/

The Linux.Wifatch malware was discovered in 2014. A security researcher found strange code on his home router and discovered that the software connects to a P2P network composed of devices infected with Wifatch.

In April 2015, with further information on Linux.Wifatch in hand, Symantec investigated the malware's impact on devices. In the initial investigation Linux.Wifatch looked like ordinary code with no distinguishing features, but as the investigation proceeded it became clear that Linux.Wifatch was more elaborate than other malware. Analysis of the code showed that Linux.Wifatch is written in Perl and that, once a device is infected, it connects to the P2P network and continues to receive updates in order to counter threats on the Internet.


"The more I investigated Linux.Wifatch, the stronger the feeling that 'this code is something different' became," Symantec said. Judging from the code, the author of Linux.Wifatch seemed more intent on enhancing security than on exploiting the infected devices. Symantec then monitored Linux.Wifatch's P2P activity over several months and still saw no malicious activity.

Apart from those with professional knowledge, users of ordinary routers and IoT devices hardly ever notice that their devices are infected with malware. Linux.Wifatch not only blocked access from outside to such users' devices but also displayed the messages "Please change your password" and "Please update your firmware" to the user. It also contained an embedded module that tries to disable malware affecting the device.


Free software activist Richard Stallman adds to the end of the emails he sends the message "To the officials of the NSA and FBI who read my mail: in order to protect the US Constitution from domestic and foreign enemies, let's learn from Snowden's case," and a comment similar to this message appears to have been added to the code of Linux.Wifatch. In addition, although it would have been easy for the author to make the code complicated, Linux.Wifatch was written simply so that it is easy to analyze, and the author does not seem to be afraid of others scrutinizing the code.

The breakdown by country of devices infected with Linux.Wifatch, as found by Symantec, is as follows. The most common is China, followed by Brazil, Mexico and India.


The most infected architecture is ARM, at an overwhelming 85%.


There may be a hidden intention, but as far as Symantec's investigation shows, Linux.Wifatch seems to be keeping users of IoT devices safe, like an American comic-book superhero.

However, even granting the above, the fact remains that Linux.Wifatch is malware that affects devices without the user's permission. The aim is thought to be to keep the P2P network from being taken over by others, but backdoors have also been discovered. Symantec says, "I will keep a close watch on Linux.Wifatch and the activity of its author so that I can be aware if something moves in the future."

in Security, Posted by logq_fa