Vigilante Malware

Vigilante. The word itself conjures up images of a man in a mask, leaping across rooftops as he chases wrongdoers, dancing with the devil in the pale moonlight. In films and on TV, the vigilante is usually the character we support. But would you welcome a vigilante into your home in real life?

The question is not as hypothetical as it may seem. In a fascinating turn of events, security firm Symantec recently published the story of on an exceptional piece of malware that goes by the name Linux.Wifatch.

Wifatch was discovered a year ago by an independent researcher, but Symantec has spent more time studying it after it infected one of the company's honeypot machines. Wifatch targets embedded Linux devices, such as home Wi-Fi routers and Internet of things (IoT) devices. Once it has gained a foothold on a device, it alters other software and connects to a peer-to-peer network, downloading payloads and receiving commands from the malware's author.

Wifatch is designed to avoid casual detection. The process runs under a false name and is designed to crash any debugging tools that try to inspect the process in memory. Tracking down the location of the files on the filesystem is not easy, and when you do find them, you need to reverse-engineer the compression routine to discover what's inside.

None of that makes the malware exceptional, however. Instead, it's the nature of the payloads that it downloads. You see, while other malware downloads viruses and other horrible exploits, Wifatch installs security patches, terminates insecure services, such as telnet, and eliminates any other malware infections it might find. It also alerts users to update their firmware and change their passwords. In other words, Wifatch seems to be working to make infected systems more secure.

But is Wifatch a good thing? Don't forget that it propagates by exploiting your system, installs itself on your devices without your consent, and then makes changes and modifications without your knowledge.

And, that brings us back to the nature of vigilantes--people who fight evil from the shadows, who consider themselves "above" the law, recognizing no authority other than their own conscience.

There are established ways that security hackers can contribute to the common good. Discovering security holes and then publicly publishing them to security boards helps software developers improve their products, leading to safer systems for all of us. The key points here are that all of those actions are open. Information is publicly shared with people so they can make their own security decisions.

To me, Wifatch is more like a doctor who creeps into your house when you're asleep, silently injects you with the latest vaccines, throws away your cigarettes and leaves a note in your fridge recommending a healthier diet.