Botnet Killer virus programming

Isn't the best way to deal with a botnet to write your own virus?

Antivirus software never breaks down. It is just waiting for an attack from people who have enough time to steal / download / install X software, check its protection and deploy new updates for their drones / zombies to exploit the weakness of X software. Thus, X software is instantly defeated (especially if your computer ends up as candidate #1 to test a new exploit).

So, to fight crime, why not write your own antivirus?

Ethics / morality aside, if you wrote a self-propagating virus whose only task was to take out Zeus, Conficker, Groom, Bobax, etc., you could sit back, relax and watch what your email filter gradually ends up doing.

You can be Batman on the Internet. Breaking the rules for the greater good! Of course, I'm not seriously advocating vigilantism, but theoretically you can wage war against any botnet using the same tactics that the virus / worm / trojan uses.

To make it more ethical, have your program uninstall itself after cleaning the computer and copying itself to another.

The people involved in the botnet were not asked to participate in it, so do they need to be asked not to participate in it?

What do you think?

EDIT

As @Woot4Moo pointed out, I clearly don't have a lot of background in this area.

And of course, I know that you cannot really separate morality / ethics from this issue, because at the end of the day I don’t want anyone to mess with my things (regardless of their “good” intentions).

I suppose my question was more like (again, an attempt to remove morality) "What would be more effective in dealing with the problem?" Waiting for an attack, or attacking. This gave rise to my idea of a "Good Botnet" (the idea has clearly been beaten).

So, my counter question: how will we proceed next? Attack the command and control servers? (Again, it is illegal to burn down a building, even if it belongs to the mob.) Or will we not worry and play defense forever? (And if there is an offensive initiative I am not aware of, then please enlighten me.)

+4
5 answers

The idea makes sense in theory, and it happened.

1) Worm-vs-Worm (the patching-worm idea): Welchia tried to clean up the Blaster worm in 2003, but it ran into the law of unintended consequences (and some bad design choices): bandwidth saturation, new attack vectors. http://www.icir.org/vern/worm04/castaneda.pdf

As far as I know, this is the only time a counter-worm has been launched. Later worms (for example, Conficker) hedge against this by fixing the vulnerability and adding special protocol features that allow only the associated C&C, which is how the vulnerability becomes a backdoor with code.

2) Hijacking C&C channels: several research groups have taken over botnets to study them: UCSB has a public paper from CCS 2009: http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf

The botnet business is a lot of money, so a lot of work goes into making C&C channels unreachable (strong cryptography, decentralization, dual flow, etc.) to prevent takedown and takeover.

Addenda:

2012/2: Seawave: PhD thesis on a benign layer 2 worm, mitigating topology vulnerability to cyber attack (cnet link)

+3

From a technical point of view, this is possible, and I have heard that this is already happening at the botnet-vs-botnet level (I can't find the link, sorry), and I won't be surprised if there are researchers out there doing similar things, although they are unlikely to announce or brag about it due to ethical issues.

From an ethical point of view, you probably shouldn't do this. You are installing software on someone else's machine and tampering with it without their permission. It would be like breaking into a house through the living room window to make sure the smoke alarms still work. If users participated voluntarily (that is, they intentionally installed the software), then that would be fine, but then it would be like any other antivirus ... consent is key here.

+3

This cannot happen. It sounds good in theory, but if they don't kill you, you'll soon find yourself in jail. You can simply push ethics aside and do as you wish.

How is this different from when Sony placed spyware on every CD so that they could prevent users from ripping music? It isn't. In the eyes of Sony, the people who ripped the music were the bad guys, and they used a measure similar to the one you proposed to deal with it. In the end, they got a lawsuit and were hit with a huge fine. Lesson? Just because you think you need to protect your interests, it's never OK to place something on another computer without disclosing it. Never.

+1

Some researchers have already created something similar, but it has never been used. This is as illegal as creating botnets in the first place. And I do not think that it would really help in the long run.

+1

This is, frankly, the worst idea I've ever heard. You either have a lack of knowledge or you are intentionally being funny. I do not ask the police to protect me, but of course I would be upset if they shot at my car every day, just in case. In addition, you make more money in research by finding ways to circumvent protection than by creating protection. Look at any scientist who helps a professional athlete hide the use of steroids.

-1