Slashdot Mirror
Fight Virus With Virus?
Insanik writes "I am not an expert with internet worms like Code Red. However, I am curious if it would be possible to create a friendly worm/virus/whatever that would fight the original by using the same security holes. For instance, I read that Code Red II opens a back door. Why not have another virus that exploited the back door, closed it, then started sending itself to other servers for a certain period of time? " The submittor raises an interesting question - is this possible? I would guess so, in theory. And while we're working on Code Red, can we send a large man to the home of my latest Sircam senders and politely "ask" them to stop clicking on virii?
The first such anti-virus virus, Den_Zuko, was discovered in 1988. Check out this article on VNUnet, which has more info on the history of such software and why it's a bad idea.
More recently, the Linux.Cheese.Worm has done similar things for Linux users infected by the Linux.Lion.Worm.
++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
Why not take the Symantec Sircam cleanup utility, patch it to make it self-propagating, and then e-mail it out with the message "Hi there! I send you this because you're a stupid fscking idiot. :)"
Got Rhinos?
So now you have a bunch of viruses, and counter-viruses roaming the net. This is not so bad until you have self-mutating viruses and antigens, several generations down the line. Eventually chaos theory will dictate that the nature of the relationship has become so complex as to be unknowable. This is a pandoras box we don't want to open. It's similar to the human cloning issue, in that there are a lot of good arguments not to do it, but there's one overwhelming argument for making it legal, lincensed and monitored; that is, if it's not legal, those who choose to pursue it will not be hindered in that activity, but will be forced to pursue it without oversight, while in hiding and possible in poorly controlled conditions.
All you can do here is appeal to the logic of those who would pursue such an activity and suggest that they not undertake it, but regardless of how much you argue, convince and suggest, someone will eventually do it and there will be severe concequences - not all negative, but severe, with respect to how we look at technology and how we use it.
It could further be argued that those against such undertakings, need to ajust to changing technology and make the appropriate changes to their world view. This is what the recording industry is having to do, as well as companies in other well established industries. The same will eventually be true of how we look at software design (computer viruses), and biology (human cloning).
--CTH
--Got Lists? | Top 95 Star Wars Line
Seriously, folks, everybody who *could* write something like that either (a) recognizes that infecting someone's box is infecting someone's box, closing holes or not or (b) sees no problems in having the rooted boxen out there anyway. I doubt that anybody else actually has the skills to do it.
Just put up a website on your computer that advertises the ability to automatically clean the CodeRedII virus off of the viewer's system, if present.
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (etc), which then scans the sender's IP and proceeds to start a command session, download the patches, and do whatever else is needed to done to vanquish the worm.
:)
... afterall, they tried to hack your box first. ;)
All the viewer has to do is click a button at the bottom of the screen.
Just so happens that this particular button sends a request to
Afterall, they did click on the link, right?
Seriously though, if someone wants to get all pissy about you going to their box and fixing their screwup, threatening to sue and the like, I'd just countersue
Your solutions should not affect the state of the infected machines. Even if you could "fix" their machine. Even telling them that their machine is infected is over the line, if you're using their machine to do it.
Now there is ethics and there is ethics. Here is a scenario that occurred once in Baltimore. A house thief hot-wired a car. He jammed the steering wheel all the way to the side and floored the gas. The car spun and made lots of noise. Meanwhile, the thief broke into people's houses (that is besides the point). Am I ethical if I jump into the moving car and turn it off ?
The point I am raising is that the car poses a risk to society. I am altering someone else's property in stopping it. However, I don't think it can be called unethical. The danger was created by someone who was not the owner - removal of that danger by another third party can be ethical depending on the magnitude of the danger and the alteration of the property.
As another example, suppose my neighbor's house is burning and his 10 year old is screaming at the window, and he is not around. Am I ethical in breaking in to save his child ? In this case the answer is really clear.
In the case of machines compromised with CodeRedII, consider the capability for MASSIVE DDOS directed at anybody launchable by anybody. Those machines are tools to be used by anyone for any reason they like. They can be used as launching points for hacks on military sites. They can be used to snoop for passwords etc. If you go onto those machines and simply remove them from the network by shutting them down (in an orderly fashion), I think you could argue rather strongly that you are taking such action in the interest of public safety.
Ethics is rarely so cut and dried that one could claim that you should NEVER alter someone else's property.
The thing is they CAN seize you and force you to take medicine IF you are determined (Usually by 2 doctors) to be a danger to yourself or others. Ever hear the term "Involuntary Commitment"
There ARE times when you are forced to do things
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
...though it's not quite as effective.
Since the start of this week, I've been running a Perl script as an hourly cron job that parses my firewall logs, gets the originating IP addresses of any Code Red scans, does a reverse lookup, attempts to extract a meaningful domain name and then mails a polite notification to postmaster and webmaster at that domain. The notification contains a link to the MS page with the details of the relevant patches.
Since doing so, I've had a number of responses from people thanking me for pointing out the problem and confirming that their server has now been patched. The response rate is only about 1%, largely due to the fact that around 90% of the problem servers are on dial-ups/cable modems/DSL, but it's better than nothing.
I'm not advocating that everybody, or even a large number of people, do this, as the amount of traffic it would generate would only add to the problem, but it seems like a more legal solution than another, white-hatted, worm.
I would be a paid subscriber if Taco and Hemos weren't such cunts
Guees that means if my machine gets hacked here I have to give it over to whomever hacked it.
I'm the big fish in the big pond bitch.
If these worms are illegal because they gain unauthorised entry then of course making a 'friendly' virus is illegal because it is doing the same thing.
Having good intentions is nice but consider this (fictional) scenario: A local cat keeps trying to have 'relations' with my cat and I dont know who the owner is, plus the owner is unaware of their cat's activity. I catch the cat and get it 'fixed' without the owner knowing. When the owner finds out I doubt they or the police would be too pleased about it. Swap 'cat' for 'web server' and you have this code red situation.
Yes the internet is unpoliced but I dont think the 'Do-Gooder' virus is a very good answer. Internet policing is an interesting new subject but traditional security ideas still apply - the owner of the house is the one responsible for making sure the door is locked. People need to be taught this applies to the internet too.
(And no jokes about unauthorised entries thank you very much)
Slashdot desperately needs is a full-time lawyer. It's a great site for Internet geek stuff but nobody on the site has the first fucking clue about liability law. That in itself would not necessarily be awful if it were not the case that all discussions here invariably end up with a bunch of laymen talking legal theory. Lawyers, help!
I'm sure folks will scream its illegal and it probably is - but can't a case be made for 'self defense' I mean if someone brandishes a gun at me am I not within my rights to shoot them or at least take their gun away?
Why not apply the same logic to this, they are probing me to infect my server so why can't I probe back and disarm them?
Top Most Bizarre/Disturbing Error Messages