Linux.Wifatch: The malware which helps rather than hinders your router

Well, this is a new one – a piece of malware has been discovered which infects routers, but bolsters their protection against other viruses and nastiness, rather than doing anything bad.

Linux.Wifatch apparently improves the security of routers, many of which are poorly configured and are increasingly targets for malware authors.

Symantec spotted the virus, and wrote a detailed blog post (spotted by IBT) on exactly what it gets up to in terms of strengthening routers and also IoT devices (the Internet of Things is set to become the next security nightmare as it explodes going forward).

According to the security firm, Wifatch is a fairly sophisticated virus which connects to a peer-to-peer network, except instead of doing anything malicious, it’s used to distribute updates to block other threats.

Symantec said it has been observing Wifatch for months now, and has “yet to observe any malicious actions being carried out through it”.

As well as trying to clean up common malware infections, Wifatch also contains messages to device owners urging them that they need to update firmware or change default passwords.

However, despite the fact that this particular virus is apparently a good guy, it’s still code that infects a router (or IoT device) without permission, and has a number of built-in backdoors which could be used to carry out malicious actions, Symantec observes.

There’s also the possibility that future versions could be changed and warped to do bad things…

At any rate, you can remove the Wifatch malware simply by resetting the infected device. Symantec notes: “However, devices may become infected again over time. If possible, users are advised to keep their device’s software and firmware up to date and to change any default passwords that may be in use.”

And if users do so, Wifatch will have again done them a big favour…