Linux.Wifatch is an open-source piece of malware which has been noted for not having been used for malicious actions, instead attempting to secure devices from other malware. Linux.Wifatch operates in a manner similar to a computer security system: it updates definitions through its peer-to-peer network and deletes remnants of malware which remain. Linux.Wifatch has been active since at least November 2014. According to its authors, the idea for Linux.Wifatch came after reading the Carna paper. Linux.Wifatch was later released on GitLab by its authors under the GNU General Public License on October 5, 2015.


Operation

Linux.Wifatch's primary mode of infection is by logging into devices using weak or default telnet credentials. Once infected, Linux.Wifatch removes other malware and disables telnet access, replacing it with the message "Telnet has been closed to avoid further infection of this device. Please disable telnet, change telnet passwords, and/or update the firmware."
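
For defenders, the replacement message is a triage signal when reviewing telnet banners captured from their own devices. The following Python code is an added example, not part of the original article or of the Wifatch source: it strips in-band telnet negotiation bytes from a banner and classifies what remains. The function names, result labels and sample banners are constructed for illustration.

```python
import re

# Leading part of the notice quoted on this page; matched case-insensitively.
WIFATCH_NOTICE = "telnet has been closed to avoid further infection of"
IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT

# Constructed sample captures (not real device output).
SAMPLES = {
    "cam-1": b"\xff\xfd\x18\xff\xfb\x01\r\nTelnet has been closed to avoid further\r\n"
             b"infection of this device. Please disable telnet.\r\n",
    "router-1": b"\xff\xfb\x01\xff\xfb\x03\r\nrouter login: ",
    "nas-1": b"SSH-2.0-example\r\n",
}


def strip_telnet_commands(data: bytes) -> bytes:
    """Remove in-band telnet IAC sequences, leaving only the visible text."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break  # capture ends inside a command
        elif data[i + 1] == IAC:
            out.append(IAC)  # escaped literal 0xFF
            i += 2
        elif data[i + 1] in NEGOTIATION:
            i += 3  # IAC, verb, option
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end == -1 else end + 2
        else:
            i += 2  # other two-byte commands such as NOP
    return bytes(out)


def classify_banner(raw: bytes) -> str:
    """Classify a telnet banner captured from a device you administer."""
    text = strip_telnet_commands(raw).decode("latin-1").lower()
    text = re.sub(r"\s+", " ", text).strip()
    if WIFATCH_NOTICE in text:
        return "wifatch-notice"  # device is serving the notice quoted above
    if re.search(r"(login|username|password)\s*:$", text):
        return "login-exposed"  # telnet still offers a login prompt
    return "unknown"
```

A device classified as `wifatch-notice` should be handled as the message itself advises: disable telnet, change telnet passwords, and/or update the firmware.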


See also

* Denial-of-service attack
* BASHLITE – another notable IoT malware
* Linux.Darlloz – another notable IoT malware
* Remaiten – another notable IoT malware
* Mirai – another notable IoT malware
* Hajime (malware) – malware which appears to be similar in purpose to Wifatch


External links


Linux.Wifatch at GitLab