A friendly botnet has been discovered that infects routers and informs the administrator about it

Experts have found a very interesting Botnet with name “Linux.Wifatch”. The virus uses the vulnerability in Telnet service, infects devices and connects them into peer-to-peer network. To be simple, Botnet – is some number of internet-connected computers that are communicating with other similar devices to complete some objectives or tasks. Cyber criminal are often using them to conduct a DDoS attack. But there are also many legal Botnets. Google Botnet for example.

What is interesting with Linux.Wifatch Botnet, it doesn’t do any malicious actions of any kind (like using infected computers for email spam messaging or DDoS attacks). Even more, it acts like some kind of a virus analytic for infected devices. Once the virus is in the machine, it tries to locate and kill any known to it malicious processes, sets a scheduled reboot of the computer once per week like a specific mechanism against threats, kills vulnerable Telnet daemon and leaves a message to the administrator with suggestion to disable telnet, change telnet password, and/or update the firmware.

The first trace of the Linux.Wifatch Botnet was discovered in November 2014. The researcher has noticed that his router acts strangely. It was connected to a peer-to-peer network and acting like a “zombie” sending common packages.

The author of this Botnet was not trying to make analyze of the source code harder for anyone, on the contrary, he made a lot of explaining comments. Even more, there was found very interesting comment for government authorities:

To any NSA and FBI agents reading this: please consider whether defending
the US Constitution against all enemies, foreign or domestic, requires you
to follow Snowden’s example.


It looks like the author of the Botnet was inspired by Edward Snowden’s Revelations.

And now there is only one question, will the author of the Botnet stay as a Robin Hood or will he turn to the dark side of the force?