The strange case of malware that protects your PC

What if some secret, Internet vigilante was protecting PCs from threats? In a shroud of mystery, he would type out code in the middle of the night, a dark hoodie pulled over his face…

And load malware onto your router.

It may seem like the plot of a high-stakes thriller novel, but it’s a real-life scenario (minus, perhaps, the hoodie). The Internet security firm Symantec has reported code, named Wifatch, that attacks home routers. The twist?

Wifatch actively protects its victims from other forms of malware.

Wifatch is a piece of code that connects routers to a peer-to-peer network of similarly infected devices. If that doesn’t sound familiar, review our post on botnet to learn about how an infection like this can turn your PC into a zombie.

The original detector of the code was an independent security researcher, L00t_myself, who noticed it on his own home router. Symantec has been following Wifatch for a while now, noting the following about the sophisticated code:

It is written in the Perl programming language

It targets following architectures: ARM (83%), MIPS (10%), and SH4 (7%)

It connects infected devices to a peer-to-peer network

What’s especially odd is that router infections are generally secured for pretty evil reasons. But Wifatch hasn’t delivered any kind of payload…at least, not yet.

So far, it seems, Wifatch is actually protecting systems against malware.

Wifatch is using this botnet of infected routers to distribute threat updates and remedy malware infections, instead of issuing DDoS attacks like you would expect.

What’s more, Symantec reports that the malware is trying to harden the infected devices. It even tells owners when to change passwords or update firmware. In a sense, Wifatch is fighting fire with fire – or malware with malware.

Wifatch seems suspiciously helpful. Source: Symantec

But the plot thickens. The creator of Wifatch reached out to Symantec, and was subsequently interviewed for their blog. He admits that while he has no malicious intentions, Wifatch could have an exploitable bug or someone could steal the key.

So ultimately, even if the creator of the code has good intentions, your PC is at risk for a malicious payload as a result of Wifatch.

While Wifatch is very interesting malware, it isn’t one you should be trying to contract. The reality is, a secure PC wouldn’t have Wifatch to begin with. You wouldn’t like it if a superhero was hiding in your house all the time just in case someone broke in. It’s still an invasion of your privacy, so Wifatch is ultimately malware.

Remember to have a secure anti-malware program and to create complex passwords. As the creator of Wifatch himself said:

Have a great, vigilante-free day!