It is amazing to me how many infections are out on the Internet just blasting attacks - and some, like the Slammerworm, just never seem to go away.
I have seen many automated attacks from both internal and external network sources and I would say, ”Every once in a while a blind squirrel finds a nut…” but some of the code is very good at finding a proper target even if the attack is futile.
I believe may low hanging fruit attempts are out there finding poorly implemented security configurations or design. Some attacks like the Operation High Roller are very successful and very dangerous.
I had an idea for cleaning up some of the garbage on the Internet that I posted on Linkedin.com once and I termed the proposal as “White-Celled” code.
The general idea is to be able to create code that can detect, remove malware off machines and then remove itself.
The propagation can be Worm-like to go free, initiated by scanned findings, or a redirect on the footprint of an attack source.
This would be highly illegal for everyone but State run agencies. However, in the event of a Cyberwar-based incident where the Malware has the potential to creating a lot of harm, it could be beneficial (ie: a restructure of Stuxnet to target US facilities with aims at a possible meltdown.)
The Malware can be reversed engineered and the good code that cleans up the mess can be propagated by the best approach.
This type of activity could be legal in a contract ruled privately secured Internet I once proposed here . There is actually a secure root that is trying to attempt this now.
I believe it would be more possible to find and take down botnets with this approach that do not use C&C and use P2P along with things like port-knocks for access.
Slammerworm could be taken off the planet with attack redirections or a “counter-worm”. Future attack defenses or reactions can be staged with a framework easily adjustable for a specific footprint.
There is already evidence of malware infections on top of other malware and anti-malware could be positioned the same.