While botnets are usually known for infecting computers with malicious content and malware, one new botnet is working to do the opposite and protect computers from being infected.
The botnet is built on code that researchers have named Wifatch. Its goal is to secure devices against being attacked and compromised by hackers. It is unknown who created the positive botnet.
Think of it like getting a flu shot. You get a small portion of the flu virus so that you don’t get the sickness later. In this case, electronic devices are getting their own version of the flu shot so that they don’t become infected with malicious content later.
Wifatch was first noticed by independent security researchers in November of last year. An analysis from researchers at Symantec showed that it is found on tens of thousands of devices worldwide. Most of these devices are located in China, Brazil, Mexico, and India.
Symantec researchers explained in a statement, "Once a device is infected with the Wifatch, it connects to a peer-to-peer network that is used to distribute threat updates. Wifatch’s code does not ship any payloads used for malicious activities, such as carrying out DDoS attacks, in fact all the hardcoded routines seem to have been implemented in order to harden compromised devices."
There have been no reports of the botnet being used for any malicious purposes. Instead, this appears to be a rare case of a botnet acting in the role of a “good guy”.
In addition to protecting devices from malicious content, the Wifatch code attempts to remove malware that is already installed on them.
There are other factors that lead researchers to believe that the Wifatch bot is on a mission of good. For instance, Wifatch’s code is openly revealed, and debug messages have been included in the botnet’s operation to make analysis easier. There are also security measures in place to prevent the Wifatch bot from being hijacked.
Wifatch’s source code also contains one particular quote, which was originally stated by software freedom activist Richard Stallman.
The quote reads, “To any NSA and FBI agents reading this: please consider whether defending the US Constitution against all enemies, foreign or domestic, requires you to follow Snowden’s example.”
However, despite its seemingly positive intentions, Wifatch is still considered malware, since it infects a device without the consent of the user.
But in this case, Wifatch appears to be one instance of malware doing good rather than evil.