Linux.Wifatch

Linux.Wifatch
Aliases	Reincarna; Zollard;
Author(s)	The White Team
Operating system(s) affected	Linux
Written in	Perl

Linux.Wifatch is an open-source piece of malware which has been noted for not having been used for malicious actions, instead attempting to secure devices from other malware.^[2]

Linux.Wifatch operates in a manner similar to a computer security system and updates definitions through its Peer to Peer network and deletes remnants of malware which remain.^[3]

Linux.Wifatch has been active since at least November 2014.^[4] According to its authors the idea for Linux.Wifatch came after reading the Carna paper.^[5] Linux.Wifatch was later released on GitLab by its authors under the GNU General Public License on October 5, 2015.^[6]

Operation[edit]

Linux.Wifatch's primary mode of infection is by logging into devices using weak or default telnet credentials.^[2]^[4] Once infected, Linux.Wifatch removes other malware and disables telnet access, replacing it with the message "Telnet has been closed to avoid further infection of his device. Please disable telnet, change telnet passwords, and/or update the firmware."^[2]

References[edit]

^ ^a ^b Schick, Shane (October 6, 2015). "Linux.Wifatch: The Router Virus That May Be Secretly Defending You From Other Malware". Security Intelligence. Archived from the original on 7 December 2016. Retrieved 7 December 2016.
^ ^a ^b ^c ^d ^e Ballano, Mario (1 Oct 2015). "Is there an Internet-of-Things vigilante out there?". Symantec. Retrieved 14 November 2016.
^ Das, Samburaj (October 2, 2015). "Linux.Wifatch: Vigilante Hacker Infects Routers with Malware to Fight Bad Malware". hacked.com. Retrieved 14 November 2016.
^ ^a ^b Kovacs, Eduard (October 7, 2015). "Developers of Mysterious Wifatch Malware Come Forward". securityweek.com. Retrieved 15 November 2016.
^ "linux.wifatch". The White Team. October 5, 2015. Retrieved 15 November 2016.
^ Cimpanu, Catalin (Oct 7, 2015). "Creators of the Benevolent Linux.Wifatch Malware Reveal Themselves". Softpedia. Retrieved 14 November 2016.

External links[edit]

Linux.Wifatch at GitLab

[securityintelligence1-1] Schick, Shane (October 6, 2015). "Linux.Wifatch: The Router Virus That May Be Secretly Defending You From Other Malware". Security Intelligence. Archived from the original on 7 December 2016. Retrieved 7 December 2016.

[symantec1-2] Ballano, Mario (1 Oct 2015). "Is there an Internet-of-Things vigilante out there?". Symantec. Retrieved 14 November 2016.

[3] Das, Samburaj (October 2, 2015). "Linux.Wifatch: Vigilante Hacker Infects Routers with Malware to Fight Bad Malware". hacked.com. Retrieved 14 November 2016.

[securityweek1-4] Kovacs, Eduard (October 7, 2015). "Developers of Mysterious Wifatch Malware Come Forward". securityweek.com. Retrieved 15 November 2016.

[5] "linux.wifatch". The White Team. October 5, 2015. Retrieved 15 November 2016.

[6] Cimpanu, Catalin (Oct 7, 2015). "Creators of the Benevolent Linux.Wifatch Malware Reveal Themselves". Softpedia. Retrieved 14 November 2016.

[1]

[2]

[3]

[4]

[5]

[6]

Aliases	Reincarna^[1] Zollard^[1]
Author(s)	The White Team
Operating system(s) affected	Linux
Written in	Perl^[2]

Linux.Wifatch

Operation[edit]

See also[edit]

References[edit]

External links[edit]