New virus removes malware and increases security on infected routers
30 replies, posted
[url]http://www.pcworld.com/article/2988933/security/this-vigilante-virus-protects-you-against-malware-attacks-quotes-richard-stallman.html[/url]
[QUOTE] Symantec first became aware of the superhero malware—dubbed Linux.Wifatch—in 2014, when an independent researcher noticed weirdness occurring on his router. As it turns out, the router had been transformed into a zombie, thrall to a large, sophisticated peer-to-peer botnet. He reported via Twitter that he had identified over 13,000 other devices infected with it.
That prompted other researchers to chime in that they too had identified it, variously nicknaming it Reincarna and Zollard — which was spotted in Internet-connected devices as far back as 2013.
The P2P network isn’t used to conduct denial of service attacks or distribute malware, however. Instead, it passes malware threat updates between the zombies in the botnet, because Wifatch actually eliminates any other malware on your device, including “well known families of malware targeting embedded devices,” according to Symantec. [/QUOTE]
[QUOTE]Once installed, Wifatch hardens a device against traditional attack channels, including killing its legitimate Telnet daemon—but when it does so, it leaves a useful tip if you try to connect via Telnet afterward, imploring you to update the device’s firmware and change its Telnet password, as seen above.[/QUOTE]
Give the article a read for full info. Basically this malware infects routers to increase their security, and the botnet it runs has been observed only to spread updates to the Antivirus. If you want to get rid of it, just reboot the router, but this is pretty cool.
Good thing I haven't yet replaced the failing hard drive in my router so I reboot it about once a week.
/s
[QUOTE=Levelog;48813241]Good thing I haven't yet replaced the failing hard drive in my router so I reboot it about once a week.[/QUOTE]
We reboot our modem almost daily because the piece of shit likes to suddenly stop working until you do.
I'd always expected that someone would do this one day.
It's a Guardian, mend and defend motherfuckers!
It's like the good bacteria in your body except it's not your body it's routers.
[QUOTE=Levelog;48813241]Good thing I haven't yet replaced the failing hard drive in my router so I reboot it about once a week.
/s[/QUOTE]
Your router has a hard drive?
Ah, so it's like white blood cells but with routers and botnets. That is pretty fucking cool!
[QUOTE=Sableye;48813326]Your router has a hard drive?[/QUOTE]
Yeah, it's an x86 based router OS. I've just been too lazy to change the hard drive, and next paycheck I'm picking up a compact flash drive to migrate it to... so why use the effort?
[QUOTE=BANNED USER;48813307]It's a Guardian, mend and defend motherfuckers![/QUOTE]
Viral guardian? Better check for green veins, yo.
then years later its program changes and becomes some kind of super virus that has already affected everyone's machines by making people think that it was good and then it shuts the entire web down omg
It's the Antivirus Gotham deserves
yeeeah my WRT54GS has been acting up since 2013
not allowed to custom firmware it yet (main wifi :v:)
[QUOTE=Sableye;48813326]Your router has a hard drive?[/QUOTE]
Levelog works in networking or something IIRC, so he probably has a more competent network setup; meaning running a dedicated piece of hardware (not your everyday shit "wireless router" switch) and an OS like OpenWrt or OPNsense.
Oh that's something new to me for sure. Reminds me of the first time I was introduced to pokérus. Except this time it actually sounds somewhat useful.
This is not the first time something like this has happened. I remember a case back all the way in Windows 98 where there was an OS breaking glitch. The night after the glitch was discovered, a virus infected many computers around the world. The next morning, the glitch was gone, and the virus had disappeared. I always find it so cool how people can instead of being complete dicks actually help others with these viruses.
[QUOTE=BANNED USER;48813307]It's a Guardian, mend and defend motherfuckers![/QUOTE]
Basically defending users and doing a datamining operation is easier than phishing. Evil is evil, this is just the lesser evil, however evil still remains
Reminds me of this: [url]https://facepunch.com/showthread.php?t=1487855[/url]
I wonder if there are more beneficial viruses out there. I'd certainly love for the trend to be more "unexpected but does good for you" rather than "unexpected and is damaging/malicious"
[QUOTE=ElectricSquid;48814823]I wonder if there are more beneficial viruses out there. I'd certainly love for the trend to be more "unexpected but does good for you" rather than "unexpected and is damaging/malicious"[/QUOTE]
the definition of a virus is something that is detrimental, that's not detrimental silly
[QUOTE=VinLAURiA;48813276]I'd always expected that someone would do this one day.[/QUOTE]
The debatable world's second virus was like that, to delete the first, called Creeper
[QUOTE=BANNED USER;48813307]It's a Guardian, mend and defend motherfuckers![/QUOTE]
You are my new favorite mod due to this.
Whilst it may sound nice in theory, it is still unauthorised software/code with the potential to be utilised by the author to do harm, or someone with access to the author's data.
[QUOTE=Map in a box;48814872]the definition of a virus is something that is detrimental, that's not detrimental silly[/QUOTE]
[QUOTE=Dictionary]a piece of code that is capable of copying itself and [B]typically [/B]has a detrimental effect, such as corrupting the system or destroying data.[/QUOTE]
Key word in this definition is "typically". It mainly just needs to be self-replicating to be classed as a virus.
[QUOTE=Megaman1811;48813330]Ah, so it's like white blood cells but with routers and botnets. That is pretty fucking cool![/QUOTE]
More like Sickle Cell defending you from Malaria.
An antivirus virus. Cool
I wonder if any charges will be filed against them should they be caught. Other than the fact that they are running code on people's machines without their consent, I don't see much wrong with this if the fix actually is effective and doesn't inadvertently open up new holes.
So, what, do I have to reboot my router now?
I'm rather confused about this. I can't find anything anywhere about whether it's specific to a brand of routers, certain country, etc. Sorry, but 13,000 routers really isn't all that many. It'd be great if much more information about it was released.
Original post from Symantec
[url]http://www.symantec.com/connect/blogs/there-internet-things-vigilante-out-there[/url]
It mainly affects ARM devices. From what I gather, since it has its own interpreter, it can adapt and infect many types of devices, none in specific (although it has some specific exploits)