Vigilante botnet infects IoT devices before blackhats can hijack them
Digital vigilantism. "The problem with these white worms is that they usually turn out to have a short lifespan. That is because their effects are only temporary. On the typical IoT system affected by these worms, the changes made to improve the security are only in RAM and not persistent. Once the device is rebooted it goes back to its unsecured state, complete with default passwords and a Telnet open to the world. To have a lasting effect, the firmware would need to be updated. It is extremely difficult to update the firmware on a large scale because the process is unique to each device and in some cases is not possible without physical access. And so, we are left with embedded devices stuck in a sort of Groundhog Day time loop scenario. One day a device may belong to the Mirai botnet, after the next reboot it could belong to Hajime, then the next, any of the many other IoT malware/worms that are out there scanning for devices with hardcoded passwords. This cycle will continue with each reboot until the device is updated with a newer, more secure firmware."