Slashdot Mirror


Fight Virus With Virus?

Insanik writes "I am not an expert with internet worms like Code Red. However, I am curious if it would be possible to create a friendly worm/virus/whatever that would fight the original by using the same security holes. For instance, I read that Code Red II opens a back door. Why not have another virus that exploited the back door, closed it, then started sending itself to other servers for a certain period of time?" The submitter raises an interesting question - is this possible? I would guess so, in theory. And while we're working on Code Red, can we send a large man to the home of my latest Sircam senders and politely "ask" them to stop clicking on virii?


  1. Re:It's entirely possible by Tassach · · Score: 3, Informative
    Plus, lawyers have to be careful about what they say in a forum like this -- a lawyer cannot give "official" legal advice to someone who is not his or her client. This is why any legitimate law-related web site has a disclaimer like "this is not to be construed as legal advice".

    --
    Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
  2. A K5 User has published an anti-CodeRed virus by hillct · · Score: 4, Informative

    A K5 user has provided the source to a proposed code-red anti-virus, which actively repairs remote systems infected with the code red virus. The legal implications of this are a big issue, but it's certainly an interesting code example.

    --CTH

    --

    --Got Lists? | Top 95 Star Wars Line
  3. Re:There is another way... by friscolr · · Score: 4, Informative
    You don't need to do the lookups/etc yourself. You can help SecurityFocus send out the mail.

    from the bugtraq post:

    To: BugTraq
    Subject: Infection Notification
    Date: Sun Aug 05 2001 10:50:22
    Author:
    Message-ID:

    If you'd like to help us notify users they are infected please send offending IP data to aris-report@securityfocus.com. Please use the following format:

    IP ADDRESS DATE/TIME WITH TIMEZONE

    Or something similar to this. Please ensure the information is constrained to IP address and date per line as we do our notification automatically and our systems need to be able to understand the data you send us.

    --
    Elias Levy
    SecurityFocus.com
    http://www.securityfocus.com/
    Si vis pacem, para bellum

    ---end bugtraq post---

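The post above asks for one "IP ADDRESS DATE/TIME WITH TIMEZONE" line per infection attempt. As an added example (not code from the thread or from SecurityFocus), this script pulls Code Red probes out of an IIS W3C extended log and emits lines in that format. It assumes the standard W3C `#Fields:` header, that IIS logs in UTC (the default), and that a Code Red probe shows up as a request for `/default.ida`; the log lines are constructed samples.

```python
from datetime import datetime, timezone

# Constructed sample IIS W3C extended log (not from the page). IIS writes
# W3C logs in UTC. Two Code Red probes (a request for /default.ida with a
# long padded query), one ordinary request, and one duplicated line.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-08-05 10:50:22 192.0.2.10 GET /default.ida NNNNNNNNNNNNNNNNNNNN%u9090 200
2001-08-05 10:51:03 198.51.100.7 GET /index.html - 200
2001-08-05 10:52:41 203.0.113.5 GET /default.ida XXXXXXXXXXXXXXXXXXX%u9090 404
2001-08-05 10:52:41 203.0.113.5 GET /default.ida XXXXXXXXXXXXXXXXXXX%u9090 404
"""


def parse_w3c(log_text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header may repeat after log rotation
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misattribute an IP
        yield dict(zip(fields, values))


def code_red_reports(log_text):
    """Return 'IP DATE/TIME +TZ' report lines for Code Red probes, deduplicated."""
    seen = set()
    reports = []
    for rec in parse_w3c(log_text):
        if rec.get("cs-uri-stem", "").lower() != "/default.ida":
            continue
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)  # IIS W3C timestamps are UTC
        key = (rec["c-ip"], ts)
        if key in seen:
            continue  # identical attempt already reported
        seen.add(key)
        reports.append(f"{rec['c-ip']} {ts.strftime('%Y-%m-%d %H:%M:%S %z')}")
    return reports


if __name__ == "__main__":
    print("\n".join(code_red_reports(SAMPLE_LOG)))
```

Each output line carries only the IP and the timestamp with its UTC offset, which is all the automated notification system is described as needing.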
  4. Preferable method by Snowfox · · Score: 3, Informative
    I'd rather it used the IIS log file to try to spread itself to every system that had tried to infect it, then executed a
    %windir%\System32\rundll32.exe user32.dll,exitwindows

    (which you can do manually right now with the worm-installed back door.)

    Leave that going long enough, and the infected systems will just keep powering off until the IIS feebs get a clue.

  5. Re:Don't be a part of the problem by blakestah · · Score: 5, Informative

    Your solutions should not affect the state of the infected machines. Even if you could "fix" their machine. Even telling them that their machine is infected is over the line, if you're using their machine to do it.


    Now there is ethics and there is ethics. Here is a scenario that occurred once in Baltimore. A house thief hot-wired a car. He jammed the steering wheel all the way to the side and floored the gas. The car spun and made lots of noise. Meanwhile, the thief broke into people's houses (that is besides the point). Am I ethical if I jump into the moving car and turn it off?

    The point I am raising is that the car poses a risk to society. I am altering someone else's property in stopping it. However, I don't think it can be called unethical. The danger was created by someone who was not the owner - removal of that danger by another third party can be ethical depending on the magnitude of the danger and the alteration of the property.

    As another example, suppose my neighbor's house is burning and his 10 year old is screaming at the window, and he is not around. Am I ethical in breaking in to save his child? In this case the answer is really clear.

    In the case of machines compromised with CodeRedII, consider the capability for MASSIVE DDOS directed at anybody launchable by anybody. Those machines are tools to be used by anyone for any reason they like. They can be used as launching points for hacks on military sites. They can be used to snoop for passwords etc. If you go onto those machines and simply remove them from the network by shutting them down (in an orderly fashion), I think you could argue rather strongly that you are taking such action in the interest of public safety.

    Ethics is rarely so cut and dried that one could claim that you should NEVER alter someone else's property.

  6. Re:It's entirely possible by jgerman · · Score: 5, Informative
    It's not necessarily true that an American citizen can respond with deadly force to criminal trespass. That varies state by state. Here, in MD, for example, if someone breaks into your home and threatens you, you must make every effort to vacate the home. You cannot just shoot him for trespassing, breaking and entering, or anything else.

    Guess that means if my machine gets hacked here I have to give it over to whomever hacked it.

    --
    I'm the big fish in the big pond bitch.
  7. That doesn't solve the problem. by Mustang+Matt · · Score: 3, Informative

    The solution is twofold.
    A: Microsoft needs to release more secure OS/Web servers.
    B: People need to patch their system themselves or take it off the net.

    --
    The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin