Malware for good

What if someone created a computer virus which illegally infected as many systems as it could via the Internet and made them more secure against attacks by unauthorized users?

Would you call that malware? How about vigilante malware?

The further we dug into Wifatch’s code the more we had the feeling that there was something unusual about this threat. For all intents and purposes, it appeared like the author was trying to secure infected devices instead of using them for malicious activities.

Wifatch’s code does not ship any payloads used for malicious activities, such as carrying out DDoS attacks; in fact, all the hardcoded routines seem to have been implemented in order to harden compromised devices. We’ve been monitoring Wifatch’s peer-to-peer network for a number of months and have yet to observe any malicious actions being carried out through it.

In addition, there are some other things that seem to hint that the threat’s intentions may differ from traditional malware.

Interesting.

But what you have to wonder is, why didn’t the software writers for these devices (these are embedded systems for the “Internet of Things”) include the capability for automatic updates and eliminate the need for some “vigilante” to do it for them?

6 thoughts on “Malware for good”

  1. Fascinating. I’m trying to weigh the lack of permission vs. the fact that it does no harm and in fact protects from harm, for free. NAP not obviously violated here. Digital analogy to building a fence around others’ property (which happens to coincide with your own border)?

    The mind races.

  2. Because they are beyond the “maintenance lifetime”. In other words, the companies that made them are no longer actively maintaining them.

    There are also plenty of products they thought would be perfect out of the gate, so who needs firmware updates, but the majority of items in this case were older products still in use.

  3. Barron pretty much gets it; I’ve never seen software that was more than 70-80% “fully functional and bug free.” Once it runs well enough to not require frequent fixes to keep running, developers and programmers are sent off to build the next product, with fixes relegated to the overworked, cheaper newbies, until eventually all support is terminated. Most SW outfits regard V 2.0 as the problem resolution for V 1.X, or the “new, improved purple-boxed SW, now with more functions” which you can pay for to replace last year’s obsolete yellow-box software.

    Were operating systems to become stable, committing to and managing long-term fixes (read: preventing problems) would be easier, but that will not happen due to both economic motives and knowledge growth.

  4. The prefix “mal” means evil or bad. The prefix “eu” means good or beneficial. So it would be “euware.”

    To confuse people, they might use a sheep in wolf’s clothing, and call it “ewe-ware.” (Much better than a honey-drop in front of a full moon, and the name of “bee-were”.)

    But because of the conflicts with FireFox, they might have to go with a “water-dog,” and give it the logo of a Labrador Retriever, whom everyone knows are nice and friendly and helpful. But the writer doesn’t want to bring bugs back to us, so it’ll go with the technicolor platypus, of Easter-egg fame, just to confuse people who think the chicken dyed crossing the road.

    Yeah, one of those mornings…..
