January 04, 2012
The Japanese government collaborated with Fujitsu to create a virus that detects malware and collects info on the hackers. A virus on a virus?
This is the technical schematic:
I see a few problems with it:
- As we all know, most malware and attacks are distributed through uninvolved third parties. Obviously the "fight back" mechanism is going to affect these bystanders rather than the actual attackers. There are of course tools that can be developed to try and track the actual source of the attack, but I don’t see a reason to distribute them as a virus at end-points rather than take a honey-pot approach. I remember that back in the late 90s there was a trend of "fight back", mainly trying to automatically break into the computer that sent an attack (or allegedly sent an attack) and take it down (or DDoS it). It quickly turned out to be a disaster in terms of going after the wrong people.
- Deliberately introducing viral code into end-points is one of those things that will only end in tears. Any misconfiguration or vulnerability in the "protection" code will allow attackers to efficiently introduce their code into each end-point in the organization.