Last-minute paper: The mysterious case of Linux.Wifatch

Thursday 1 October 15:00 - 15:30, Green room

Mario Ballano (Symantec)

Home routers, and IoT devices in general, are becoming more and more interesting to cybercriminals. These devices may not hold a lot of interesting data, but in the wrong hands they have proven to be quite useful, for instance to mount DDoS attacks. Recently, however, we discovered a router threat known as Linux.Wifatch that was exhibiting unusual behaviour: the threat was securing infected devices instead of using them for malicious purposes.

Linux.Wifatch is a sophisticated threat that builds a botnet of infected devices and contains a number of hidden messages visible only to a reverse engineering analyst, leading to a riddle we have been trying to unravel: who is really behind it, what are their intentions, and is there really an Internet-of-Things vigilante out there?

In this talk we will present our research on Linux.Wifatch, we will show how we went about analysing it and how we introduced an insider into its peer-to-peer network to monitor its activities. We will provide you with data collected over the summer of 2015, and we will also present our theories on who we think may be controlling it and what the author(s)' intentions might be: might they be 'good' guys trying to keep devices out of malicious hands, or are they as evil as other malware creators?

