Fighting Code with Code

Saturday, June 30, 2012

Contributed By:
Jayson Wylie

It is amazing to me how many infections are out on the Internet just blasting attacks - and some, like the Slammerworm, just never seem to go away.

I have seen many automated attacks from both internal and external network sources and I would say, ”Every once in a while a blind squirrel finds a nut…” but some of the code is very good at finding a proper target even if the attack is futile.

I believe may low hanging fruit attempts are out there finding poorly implemented security configurations or design. Some attacks like the Operation High Roller are very successful and very dangerous.

I had an idea for cleaning up some of the garbage on the Internet that I posted on Linkedin.com once and I termed the proposal as “White-Celled” code.

The general idea is to be able to create code that can detect, remove malware off machines and then remove itself.

The propagation can be Worm-like to go free, initiated by scanned findings, or a redirect on the footprint of an attack source.

This would be highly illegal for everyone but State run agencies. However, in the event of a Cyberwar-based incident where the Malware has the potential to creating a lot of harm, it could be beneficial (ie: a restructure of Stuxnet to target US facilities with aims at a possible meltdown.)

The Malware can be reversed engineered and the good code that cleans up the mess can be propagated by the best approach.

This type of activity could be legal in a contract ruled privately secured Internet I once proposed here . There is actually a secure root that is trying to attempt this now.

I believe it would be more possible to find and take down botnets with this approach that do not use C&C and use P2P along with things like port-knocks for access.

Slammerworm could be taken off the planet with attack redirections or a “counter-worm”. Future attack defenses or reactions can be staged with a framework easily adjustable for a specific footprint.

There is already evidence of malware infections on top of other malware and anti-malware could be positioned the same.

Share This! |

Views:	3846
Categories:	Viruses & Malware
Industries:	Information Security
Tags:	malware Attacks Stuxnet Network Security infection Automated Attacks reverse engineering Offensive Security Slammer Worm

Post Rating I Like this!

Comments:

Sara Hald There has already been examples of such an approach. The Welchia worm that was detected in 2003 had as it's purpose to remove Blaster from its host system, patch it up, and remove itself after a period of time.

1341227829

You Must Register or Login to Comment

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked

Latest Member Comments

"Have you ever dreamed that your 90′s cyberpunk movies goes real? Well, we almost there, meet the Deep Web. The Deep Web (also called ..."

What is the Deep Web? A Trip into the Abyss.... Smukke Smukke on 06-13-2013

"The author of this article is answering the wrong question. It appears (he) is writing this article in response to all the attention gi..."

NSA Surveillance Is Legal And Not Targeting ... John Smith on 06-13-2013

"Agreed, good post. There is the ISO standard take on processes and implementing lasting changes then there is the practical operational..."

Vulnerability Management and Root Cause Anal... Ian Tibble on 06-12-2013

"Good post. One of the key elements in Vulnerability Management is having the contact details of the person knowledgeable on why a certa..."

Vulnerability Management and Root Cause Anal... Koen Van Impe on 06-11-2013