File 144383911275.jpg - (61.61KB , 640x652 , kasey-mcmahon-1-connected.jpg )
No. 7421 ID: 7d9420
>the bug behaves like a regular virus from the outside: infecting the device, operating undetected, and coordinating actions through a peer-to-peer network. But instead of performing DDoS attacks or looking for sensitive data, Wifatch's main role seems to be keeping other viruses out. It stays up to date on virus definitions through its peer-to-peer network, deletes any malware discovered, and cuts off other channels malware would typically use to attack the router.
>(...)the virus seems to make little effort to conceal itself, and leaves various benign messages in its code. One, triggered when a user tries to access the Telnet feature, reminds users to update the device's firmware. Another, dropped as a comment in the source code, repeats a statement from free-software icon Richard Stallman:
> "To any NSA or FBI agents reading this: please consider whether defending the US constitution against all enemies, foreign or domestic, requires you to follow Snowden's example."
>Symantec estimates "somewhere in the order of tens of thousands of devices" are infected with the virus, with infections largely focused on Brazil, China, and Mexico. Resetting a device is enough to remove the infection, but the firm warns that a router may become reinfected over time. "Symantec will be keeping a close eye on Linux.Wifatch and the activities of its mysterious creator," the post concludes. "Users are advised to keep their device’s software and firmware up to date."

Pic unrelated.
>> No. 7422 ID: 7d9420
File 144384026810.jpg - (48.44KB , 720x540 , funny_rig.jpg )
>Is there an Internet-of-Things vigilante out there?

>Lately we’ve seen that home routers, and IoT devices in general, are becoming more interesting to cyber crooks; these devices may not hold a lot of interesting data but under the control of criminals they have proven to be quite useful, for instance, to articulate distributed denial-of-service (DDoS) attacks. As well as this, it’s difficult for the average user to detect if one of these devices has become infected and so most infections go unnoticed.

>(...)as part of Symantec’s efforts to identify malware targeting embedded devices we run a large network of honeypots that collect many samples and Wifatch seemed to be just another of these threats.

>(...)Most of Wifatch’s code is written in the Perl programming language and it targets several architectures and ships its own static Perl interpreter for each of them. Once a device is infected with Wifatch, it connects to a peer-to-peer network that is used to distribute threat updates.
>> No. 7423 ID: 7d9420
File 144384038058.jpg - (32.84KB , 500x375 , funny_security.jpg )
>For all intents and purposes, it appeared like the author was trying to secure infected devices instead of using them for malicious activities.(...)all the hardcoded routines seem to have been implemented in order to harden compromised devices. We’ve been monitoring Wifatch’s peer-to-peer network for a number of months and have yet to observe any malicious actions being carried out through it.

>(...)killing the legitimate Telnet daemon, it also leaves a message in its place telling device owners to change passwords and update the firmware.

>(...)has a module that attempts to remediate other malware infections present on the compromised device. Some of the threats it tries to remove are well known families of malware targeting embedded devices.

>Wifatch’s code is not obfuscated; it just uses compression and contains minified versions of the source code

>The threat also contains a number of debug messages that enable easier analysis. It looks like the author wasn’t particularly worried about others being able to inspect the code.
>> No. 7424 ID: 7d9420
File 144384061745.jpg - (242.92KB , 1296x968 , lolties.jpg )
>Despite the previously listed actions, it should be made clear that Linux.Wifatch is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware.

>It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions. However, cryptographic signatures are verified upon the use of the back doors to verify that commands are indeed coming from the malware creator. This would reduce the risk of the peer-to-peer network being taken over by others.

>Resetting an infected device will remove the Wifatch malware; however, devices may become infected again over time. If possible, users are advised to keep their device’s software and firmware up to date and to change any default passwords that may be in use.
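The quoted post says commands sent over the peer-to-peer channel are only acted on after a cryptographic signature is verified, which is what keeps a third party from taking over the network. The following Go program is an added illustration of that general pattern (signed control messages checked against a pinned public key, plus a sequence number so a captured message cannot be replayed); it is not Wifatch's code and not from Symantec, and the Ed25519 scheme, the JSON message layout and the field names are assumptions, since the page only states that signatures are verified. The same check is what any signed update channel (firmware, definition updates) relies on.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Command is a control message carried over the peer-to-peer channel.
// The layout is assumed for illustration; the real message format is not on the page.
type Command struct {
	Seq    uint64 `json:"seq"`    // monotonically increasing, defeats replay
	Action string `json:"action"` // e.g. "update-definitions"
	Arg    string `json:"arg"`
}

// SignedCommand bundles the encoded command with an Ed25519 signature over it.
type SignedCommand struct {
	Payload []byte
	Sig     []byte
}

var (
	ErrBadSignature = errors.New("signature does not verify against the pinned key")
	ErrReplay       = errors.New("sequence number did not advance (possible replay)")
)

// Sign encodes a command and signs the exact bytes that will be transmitted.
func Sign(priv ed25519.PrivateKey, cmd Command) (SignedCommand, error) {
	payload, err := json.Marshal(cmd)
	if err != nil {
		return SignedCommand{}, err
	}
	return SignedCommand{Payload: payload, Sig: ed25519.Sign(priv, payload)}, nil
}

// Verifier is the receiving node's acceptance policy: one pinned public key and
// the highest sequence number accepted so far.
type Verifier struct {
	pub     ed25519.PublicKey
	lastSeq uint64
}

func NewVerifier(pub ed25519.PublicKey) *Verifier { return &Verifier{pub: pub} }

// Accept returns the decoded command only if the signature verifies under the
// pinned key and the sequence number is strictly newer. Any failure leaves the
// node's state untouched, so a forged or replayed message has no effect.
func (v *Verifier) Accept(sc SignedCommand) (Command, error) {
	// Verify before parsing: unauthenticated bytes never reach the decoder.
	if !ed25519.Verify(v.pub, sc.Payload, sc.Sig) {
		return Command{}, ErrBadSignature
	}
	var cmd Command
	if err := json.Unmarshal(sc.Payload, &cmd); err != nil {
		return Command{}, err
	}
	if cmd.Seq <= v.lastSeq {
		return Command{}, ErrReplay
	}
	v.lastSeq = cmd.Seq
	return cmd, nil
}

func main() {
	// Constructed demo: the operator holds priv, every node pins pub.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	node := NewVerifier(pub)

	genuine, _ := Sign(priv, Command{Seq: 1, Action: "update-definitions", Arg: "v2"})
	fmt.Println(node.Accept(genuine)) // accepted

	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // someone without the operator key
	forged, _ := Sign(otherPriv, Command{Seq: 2, Action: "reboot"})
	fmt.Println(node.Accept(forged)) // ErrBadSignature

	fmt.Println(node.Accept(genuine)) // ErrReplay
}
```

Two design points worth noting: the signature is checked over the raw transmitted bytes before any parsing happens, and the only long-term secret is the operator's private key, so compromising a node (which holds just the public key) does not let anyone mint commands for the rest of the network.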
>> No. 7445 ID: 7c0035
How curious
>> No. 7452 ID: f013be
Some NSA agent must have got fed up