SECURITY OUTFIT SYMANTEC is reporting on a thing called Linux.Wifatch that might be a good guy type of internet threat that wants to solve problems with the Internet of Things.
This sounds unusual and unlikely. A cyber Robin Hood, operating in the shadows and actually helping people out, sounds like anathema to the internet. To be fair, Symantec makes it clear that it sounds like the stuff of Hollywood, and admits that Linux.Wifatch is an unlikely proposition.
"We first heard of Wifatch back in 2014, when an independent security researcher noticed something unusual happening on his home router," the firm said in a statement.
The Linux/Wifatch hasn't been caught doing anything bad. No malicious modules. Batman? #VB2015 -> keeping the devices safe from bad guys...? — Claus Cramon Houmann (@ClausHoumann) October 1, 2015
"At first sight there was nothing unusual about it. As part of Symantec's efforts to identify malware targeting embedded devices we run a large network of honeypots that collect many samples, and Wifatch seemed to be just another of these threats.
"However, after a closer look, this particular piece of code looked somewhat more sophisticated than the average embedded threat we usually spot in the wild."
The malware is unusual as it appears to be doing something good. Symantec dug into the code and found evidence of positives, adding that the code gives the impression that its author is working on the side of good.
"Once a device is infected with the Wifatch, it connects to a peer-to-peer network that is used to distribute threat updates," said Symantec in a post on the Security Response Blog.
"The further we dug into Wifatch's code the more we had the feeling that there was something unusual about this threat. For all intents and purposes it appeared like the author was trying to secure infected devices instead of using them for malicious activities."
The firm has tracked the malware for a few months, and has "yet to observe" any malicious actions being carried out. Symantec has, however, found evidence of clean-up work including remediation against the Telnet daemon.
"Wifatch not only tries to prevent further access by killing the legitimate Telnet daemon, it leaves a message in its place telling device owners to change passwords and update the firmware," said the post. µ