Fighting Code with Code

Saturday, June 30, 2012

Jayson Wylie


It is amazing to me how many infections are out on the Internet just blasting attacks - and some, like the Slammer worm, just never seem to go away.

I have seen many automated attacks from both internal and external network sources, and I would say, “Every once in a while a blind squirrel finds a nut…”, but some of the code is very good at finding a proper target even if the attack is futile.

I believe many low-hanging-fruit attempts are out there finding poorly implemented security configurations or designs. Some attacks, like Operation High Roller, are very successful and very dangerous.

I had an idea for cleaning up some of the garbage on the Internet that I posted on once, and I termed the proposal “White-Celled” code.

The general idea is to be able to create code that can detect and remove malware from machines and then remove itself.

The propagation can be worm-like and free-running, initiated by scan findings, or a redirect onto the footprint of an attack source.

This would be highly illegal for everyone but state-run agencies. However, in the event of a cyberwar-based incident where the malware has the potential to create a lot of harm, it could be beneficial (i.e., a restructuring of Stuxnet to target US facilities with the aim of a possible meltdown).

The malware can be reverse-engineered, and the good code that cleans up the mess can be propagated by the best approach.

This type of activity could be legal in a contract-ruled, privately secured Internet I once proposed here. There is actually a secure root that is attempting this now.

I believe it would be more possible with this approach to find and take down botnets that do not use C&C but instead use P2P along with things like port-knocking for access.

The Slammer worm could be taken off the planet with attack redirections or a “counter-worm”. Future attack defenses or reactions can be staged with a framework that is easily adjustable for a specific footprint.

There is already evidence of malware infections stacked on top of other malware, and anti-malware could be positioned the same way.

Sara Hald: There have already been examples of such an approach. The Welchia worm that was detected in 2003 had as its purpose to remove Blaster from its host system, patch it up, and remove itself after a period of time.