Linux.Wifatch

Linux.Wifatch is an open-source piece of malware which has been noted for not having been used for malicious actions, instead attempting to secure devices from other malware. Linux.Wifatch operates in a manner similar to a computer security system: it updates definitions through its peer-to-peer network and deletes remnants of malware which remain. Linux.Wifatch has been active since at least November 2014. According to its authors, the idea for Linux.Wifatch came after reading the Carna paper. Linux.Wifatch was later released on GitLab by its authors under the GNU General Public License on October 5, 2015.


Operation

Linux.Wifatch's primary mode of infection is by logging into devices using weak or default telnet credentials. Once infected, Linux.Wifatch removes other malware and disables telnet access, replacing it with the message "Telnet has been closed to avoid further infection of his device. Please disable telnet, change telnet passwords, and/or update the firmware."


See also

* Denial-of-service attack
* BASHLITE – another notable IoT malware
* Linux.Darlloz – another notable IoT malware
* Remaiten – another notable IoT malware
* Mirai – another notable IoT malware
* Hajime (malware) – malware which appears to be similar in purpose to Wifatch


External links


Linux.Wifatch at GitLab