Monday, October 12, 2015
White Team malware killing router malware
Linux.Wifatch (or ‘Reincarnia’ according to some sources) has now infected more than 10,000 routers. Here’s the thing, though: after Symantec identified the new router infection campaign and dissected the code, it didn’t find any obvious malicious intent. Instead, it appeared that Linux.Wifatch was acting in a kind of router vigilante capacity by scanning for and deleting any known malware infections, disconnecting the channels used by other malware to attack the router, and advising the user to change their default passwords and update the firmware. In two months of monitoring the malware, Symantec has not yet found any evidence of it doing anything malicious, apart from accessing the router without permission in the first place and installing itself there, of course.

So is this hardware-hardening malware actually a force for good? The White Team, which claims to be the group responsible for developing the code, certainly wants us to accept that it is. The group has published the source code, minus infection code, build scripts, the private key and parts of the command and control code that would enable others to easily abuse it.