Infecting malware with malware

This story on /. today reminds me of a “what if” thought that I’ve had once before.

Wired story about scientists who plan to use genetically modified mosquitoes to reduce the population of Dengue-carrying insects. The altered genes cause newly born mosquitoes to die before they are able to breed if they are not supplied with a crucial antibiotic. This is a more aggressive approach than the anti-Malaria work we discussed last year.

In the security arms race against black-hat hackers, it’s common for them to copy our security measures and use them against us. Perhaps it’s time we did the same. What if we made malware to infect their malware? I mean, they make malicious stuff to infect victims, so how about us infecting their malware with our payload (malware for malware? If the two terms cancel out, does that make it goodware?) — just like the genetically modified mosquitoes?

It’s an interesting thought: to annoy them with their own annoyance. At the very least, perhaps we could put a dent in the revenues of those info.stealer banker trojans that prey on banking/financial logins/passwords, by feeding them a whole crapload of wrong usernames and passwords. They’d have a mountain of data to sift through, and this would definitely bog down their current operations significantly.

I’d have to guess that at the moment, for the bank usernames/passwords they successfully harvest, the majority of them work. Now imagine that out of 100 usernames/passwords they harvest, only 1 actually works. That’s a huge burden on their side. It’s kind of like their spam operations. They flood us with crap, and the very tiny minority of people who are actually dumb and stupid enough to buy those things make the spamming efforts worthwhile. It’s a game of numbers to them.

So likewise, it’s a game of numbers for us. Flood them with so much fake banker information, they’d have to work to get their stolen money.

Anyhow, these are just my random thoughts. I haven’t blogged in a while, been rather busy. I love reading up on advances in other industries because sometimes you see similar problems and sometimes the solution in one industry can be applied in the other. Bioinformatics is a great example.

Update 2/14/2008: New Scientist Tech is running a story on this! Similar to what I had in mind .. this is awesome. About time the good guys used the same tricks back on the scumbags.

From the article:

Microsoft researchers are hoping to use “information epidemics” to distribute software patches more efficiently.

Milan Vojnović and colleagues from Microsoft Research in Cambridge, UK, want to make useful pieces of information such as software updates behave more like computer worms: spreading between computers instead of being downloaded from central servers.

Chuanyi Ji at Georgia Tech University, US, is also interested in designing a “perfect worm”. As well as revealing weaknesses of networks, such a worm could rush out defensive software patches faster than an attacking worm can spread, she says.