Unusual Malware May Infect IoT Devices to Protect Them: Symantec

Infected devices connect to peer-to-peer network that distributes threat updates

Nicole Henderson, Contributor

October 2, 2015


This article originally appeared at The WHIR

Symantec has been tracking an unusual piece of malware that targets Internet of Things (IoT) devices. Called Linux.Wifatch, the malware appears to be used to secure infected devices instead of using them for malicious activities.

According to a blog post by Symantec on Thursday, most of Wifatch’s code is written in Perl and it targets several architectures, shipping its own static Perl interpreter for each of them. When a device is infected, it connects to a peer-to-peer network that distributes threat updates.

What’s unusual, according to Symantec, is that the code does not ship any payloads used for malicious activities, such as DDoS attacks.

Symantec recommends users reset an infected device to remove the Wifatch malware; however, devices could become infected again. Users should keep their device’s software and firmware up to date and change default passwords.

As the number of IoT devices grows, so does the variety of security threats. IoT will likely force changes in policy and security practices at most organizations, as 55 percent of IT decision makers at US SMBs surveyed last year expect new security threats and the extension of existing threats to new devices to be a major concern.

Mario Ballano of Symantec said that it has been “monitoring Wifatch’s peer-to-peer network for a number of months and have yet to observe any malicious actions being carried out through it.”

“Wifatch not only tries to prevent further access by killing the legitimate Telnet daemon, it also leaves a message in its place telling device owners to change passwords and update the firmware,” he said.

The author chose not to obfuscate the Perl code, suggesting that they aren’t worried about others being able to inspect it.

Although it does seem to be unlike most malware, Symantec said Linux.Wifatch is still a piece of code that infects a device without user consent. Symantec will continue to keep “a close eye on Linux.Wifatch and the activities of its mysterious creator.”

It is estimated that Wifatch’s network includes tens of thousands of devices, with 32 percent of infected devices in China, and 16 percent in Brazil. Only 5 percent of infected devices are in the US.

Development of IoT is more advanced in Asia Pacific, according to a recent report, with 26 percent of developers in APAC likely to be working on IoT projects, compared to developers in North America (22 percent).

The vast majority (83 percent) of infected devices are ARM architectures.

This first ran at http://www.thewhir.com/web-hosting-news/unusual-malware-may-infect-iot-devices-to-protect-them-symantec

About the Author(s)

Nicole Henderson

Contributor, IT Pro Today

Nicole Henderson covers daily cloud news and features online for ITPro Today. Prior to ITPro Today, she was editor at Talkin' Cloud (now Channel Futures) and the WHIR. She has a bachelor of journalism from Ryerson University in Toronto.
