The strange case of malware that protects your PC

What if some secret Internet vigilante was protecting PCs from threats? In a shroud of mystery, he would type out code in the middle of the night, a dark hoodie pulled over his face…

And load malware onto your router.

It may seem like the plot of a high-stakes thriller novel, but it’s a real-life scenario (minus, perhaps, the hoodie). The Internet security firm Symantec has reported code, named Wifatch, that attacks home routers. The twist?

Wifatch actively protects its victims from other forms of malware.

What is Wifatch?

Wifatch is a piece of code that connects routers to a peer-to-peer network of similarly infected devices. If that doesn’t sound familiar, review our post on botnets to learn how an infection like this can turn your PC into a zombie.

The original detector of the code was an independent security researcher, L00t_myself, who noticed it on his own home router. Symantec has been following Wifatch for a while now, noting the following about the sophisticated code:

  • It is written in the Perl programming language
  • It targets the following architectures: ARM (83%), MIPS (10%), and SH4 (7%)
  • It connects infected devices to a peer-to-peer network

What’s especially odd is that router infections are generally carried out for pretty evil reasons. But Wifatch hasn’t delivered any kind of payload… at least, not yet.

So far, it seems, Wifatch is actually protecting systems against malware.

Wifatch is…protecting you?

Wifatch is using this botnet of infected routers to distribute threat updates and remedy malware infections, instead of issuing DDoS attacks like you would expect.

What’s more, Symantec reports that the malware is trying to harden the infected devices. It even tells owners when to change passwords or update firmware. In a sense, Wifatch is fighting fire with fire – or malware with malware.


Wifatch seems suspiciously helpful. Source: Symantec

But the plot thickens. The creator of Wifatch reached out to Symantec, and was subsequently interviewed for their blog. He admits that while he has no malicious intentions, Wifatch could have an exploitable bug or someone could steal the key.

Can I trust you to not do evil things with my devices?
Yes, but that is of no help – somebody could steal the key, no matter how well I protect it. More likely, there is a bug in the code that allows access to anybody.

So ultimately, even if the creator of the code has good intentions, your PC is at risk for a malicious payload as a result of Wifatch.

The bottom line

While Wifatch is very interesting malware, it isn’t one you should be trying to contract. The reality is, a secure PC wouldn’t have Wifatch to begin with. You wouldn’t like it if a superhero was hiding in your house all the time just in case someone broke in. It’s still an invasion of your privacy, so Wifatch is ultimately malware.

Remember to have a secure anti-malware program and to create complex passwords. As the creator of Wifatch himself said:

Linux.Wifatch doesn’t use elaborate backdoors or 0day exploits to hack devices. It basically just uses telnet and a few other protocols and tries a few really dumb or default passwords (our favourite is “password”). These passwords are well-known – anybody can do that, without having to steal any secret key.

Basically it only infects devices that are not protected at all in the first place!

Have a great, vigilante-free day!

  • Alisuda Rahmani

    Why in the world are so many folks wasting their talent, hurting & annoying strangers by creating malware, viruses, trojans, etc.? Are they after money? Some maybe, but not all.

    • Cinnamon Girl

      Just another form of terrorism, but that wasn’t the case here..

      • Alisuda Rahmani

        You’re right on, darling girl.

  • Dec

    This isn’t any worse than the vulnerability itself, except that it’s better because it uses the exploit to keep actual malware out. Sure, it could be used by its controller for nefarious purposes or sold to malicious operators, but malware isn’t malware until it actually does something bad.

    • Alisuda Rahmani

      Mal is bad in Latin languages.

      • luna

        I don’t know, I think we could use some vigilantes in the tech scene. I don’t think he should leave it open like that but I appreciate the honesty. To say why I think there should be more people helping even if it’s like this, I think with our government spying on people and corporations like Microsoft being privacy nightmares (read the TOS READ THE TOS!) and then some I think… this is hardly a bad thing. Unless he decides to use it to steal information or kill people’s computers etc etc etc or someone else gets a hold of it and does that etc etc etc… I do however think maybe it should be optional… but like it’s said, only the computers that have nothing protecting them can get infected. So mixed feelings on this.