Let's start with the obvious fact that good wars have two sides, the guys with the black hats (Boo!) and the guys with the white hats (Yay!). So far, the white hats have been pretty much missing in action. But now, riding over the hill in the home router sector of the front lines, comes the white-hat cavalry!
Is the opposite of malware benware? If so, Symantec has found "highly virulent" benware called "Ifwatch" infecting "more than 10,000 Linux-based routers, mostly in China and Brazil":
Ifwatch software is a mysterious piece of “malware” that infects routers through Telnet ports, which are often weakly secured with default security credentials that could be open to malicious attack. Instead, Ifwatch takes that opportunity to set up shop, close the door behind it, and then prompts users to change their Telnet passwords, if they are actually going to use the port.
How awesome is it that the titanic struggle between good and evil is taking place inside your home router, so you have a ringside seat?
According to Symantec’s research, it also has code dedicated to removing software that has entered the device with less altruistic intentions. Ifwatch finds out and removes “well-known families of malware targeting embedded devices,”
Meanwhile, in the enterprise router sector, the black hats advanced. Dan Goodin at Ars Technica reports in "Backdoor infecting Cisco VPNs steals customers’ network passwords":
Attackers are infecting a widely used virtual private network product sold by Cisco Systems to install backdoors that collect user names and passwords used to log in to corporate networks, security researchers said. ... The attacks appear to be carried out by multiple parties using at least two separate entry points. Once the backdoor is in place, it may operate unnoticed for months as it collects credentials that employees enter as they log in to company networks.
That's the news from the war zone yesterday. Stay tuned for more in the comments.