http://thehackernews.com/2015/10/hack-wifi-router.html
http://www.techworm.net/2015/10/new-vigilante-malware-protects-routers-against-security-threats.html
Supposedly a hard reset on the router to return it to the factory default state will remove the worm... although anyone would be smart to change the default settings on any router they set up to reduce the chances of getting compromised.
Interesting development imo considering the comment in the code.
....
http://www.techworm.net/2015/10/new-vigilante-malware-protects-routers-against-security-threats.html
Ifwatch software is a mysterious piece of malware that infects routers through Telnet ports, which are often weakly secured with default security credentials that could be open to malicious attack. Instead, Ifwatch takes that opportunity to set up shop, close the door behind it, and then prompts users to change their Telnet passwords, if they are actually going to use the port.
According to Symantec's research, it also has code dedicated to removing software that has entered the device with less altruistic intentions. Ifwatch finds out and removes well-known families of malware targeting embedded devices,
"We have no idea who is behind this or what their full intention is," Saengphaibul said. However, it has been found to infect more than 10,000 Linux-based routers, mostly in China and Brazil.
Ifwatch was first discovered by an independent researcher in 2014 and connects routers to a peer-to-peer network that is used to distribute threat updates.
Even though it initially looked like just another botnet, Symantec researchers found Ifwatch was more sophisticated than a normal infection. They found that Ifwatch removed well-known families of malware that usually target routers, and it even tells users to change their password and upgrade firmware, which is another way to defend against malicious hackers.
It looks like Ifwatch's creator wanted it to be discovered. The Ifwatch author left a comment in the source code that references an email signature used by software freedom activist Richard Stallman, which reads:
To any NSA and FBI agents reading my email: please consider whether defending the U.S. Constitution against all enemies, foreign or domestic, requires you to follow Snowden's example.
The Symantec researchers are quick to point out that Ifwatch is illegal and uses the same backdoors that more malicious hackers enter through. However, after months of investigation, the researchers have found that Ifwatch's creator has yet to do anything malicious, making them wonder whether this altruistic hack is an attempt to improve everyone's privacy or just a very smart diversion.