Researchers at security firm Sophos say they have identified new malware that they classify as “vigilante”. That’s because the threat, if we can call it that, modifies files on the victim’s computer to prevent the victim from accessing pirated content sites, if only temporarily.
Sophos claims that after infecting the computer, the malicious program blocks the user’s access to a pre-defined list of suspicious websites. To no one’s surprise, the vast majority of these pages are addresses that share torrents of movies and series, like BitTorrent, for example.
The vigilante malware does this blocking without major intrusion techniques, using a very basic method: hijacking the PC’s HOSTS file. It is a simple text file that maps hostnames to IP addresses, and the machine consults it when connecting to a host on the network. Once the file has been modified, the machine is prevented from accessing certain domains.
To make matters worse, the virus is not the easiest to spot. That’s because it hides in fake software packages, including those presented as pirated or free versions of “popular games, productivity tools and even security products.”
Andrew Brandt, chief researcher at Sophos, said that the “motivation of the malware seemed very clear”, which is to prevent “people from visiting software piracy sites”. The expert also stated that it is easy to undo the malware’s effects and regain access to the sites on the software’s block list: just remove the entries in the HOSTS file.
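The check and cleanup described above can be scripted. The following is an added example, not code from Sophos or the original article: it assumes the block entries point hostnames at a loopback or unspecified address (the article does not say which address the malware uses), and the sample file and its `example.*` names are constructed.

```python
import ipaddress

# Names that normally do resolve to the local machine (assumption; adjust per host).
EXPECTED_LOCAL = {"localhost", "localhost.localdomain", "ip6-localhost",
                  "ip6-loopback", "broadcasthost"}

# Constructed sample HOSTS content; all names are placeholders.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1   localhost
::1         localhost ip6-localhost
192.0.2.10  fileserver.example.internal
127.0.0.1   torrents.example.com www.torrents.example.com
0.0.0.0     downloads.example.net   # added by unknown program
127.0.0.1   localhost blocked.example.org
"""

def _blocked_names(raw):
    """Return (fields, hostnames on this line redirected to a local address)."""
    fields = raw.split("#", 1)[0].split()   # drop trailing comment, tokenize
    if len(fields) < 2:
        return fields, []                   # blank line or comment only
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return fields, []                   # not a valid mapping line
    if not (ip.is_loopback or ip.is_unspecified):
        return fields, []                   # ordinary mapping to a real address
    return fields, [h for h in fields[1:]
                    if h.lower().rstrip(".") not in EXPECTED_LOCAL]

def audit(text):
    """List (line_number, hostname) for every redirected name to review."""
    return [(no, h) for no, raw in enumerate(text.splitlines(), 1)
            for h in _blocked_names(raw)[1]]

def cleaned(text):
    """Return the file with redirected names removed and all else untouched."""
    out = []
    for raw in text.splitlines():
        fields, bad = _blocked_names(raw)
        if bad:
            keep = [h for h in fields[1:] if h not in bad]
            if not keep:
                continue                    # the whole line was a block entry
            raw = " ".join([fields[0]] + keep)
        out.append(raw)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for line_no, host in audit(SAMPLE):
        print(f"line {line_no}: {host} is redirected to the local machine")
```

Review the `audit` output before writing the cleaned file back, since legitimate ad-blocking or parental-control tools add the same kind of entries on purpose.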
Good malware? Not so fast
“Watchman” is an interesting sub-genre of malware, and it doesn’t usually appear in the news as frequently as other more popular threats. A lot of this is because this type of malware isn’t often seen as a threat, at least not to the extent that other viruses are.
Last year, amid a resurgence in activity from the destructive botnet Emotet, someone began sabotaging infection operations, replacing malware payloads with funny GIFs and memes. Likewise, a few years ago, an unknown hacker broke into 10,000 home routers to fix their vulnerabilities and make them more secure.
As “noble” as these actions may seem, malware is still malware. And nothing would stop the hacker who developed it from changing his mind and, instead of helping, starting to spy on the computer, possibly even stealing sensitive data. So, it’s best not to leave too much room for software like that, no matter how harmless it seems.