编写病毒僵尸网络杀手程序

发布于 2024-10-04 18:51:55 字数 802 浏览 4 评论 0原文

摧毁僵尸网络的最佳方法难道不是来自编写自己的病毒吗?

防病毒软件从不冒犯。它只是等待那些有足够时间窃取/下载/安装 X 软件、测试其防御并向其无人机/僵尸部署新更新以利用 X 软件弱点的人的攻击。因此,立即击败 X 软件(特别是如果您的 PC 最终成为测试新漏洞的第一候选者)。

因此,为了进攻,为什么不编写自己的防病毒软件呢?

抛开伦理/道德不谈,如果你编写了一种自我传播的病毒,其唯一使命是消灭 Zeus、Conficker、Grum、Bobax 等,那么你可以坐下来,放松地看着你的电子邮件过滤器逐渐无事可做。

您可以成为网络蝙蝠侠。为了更大的利益而打破规则!当然,我并不是认真提倡私刑,但从理论上讲,您可以使用与病毒/蠕虫/特洛伊木马相同的策略对任何僵尸网络发动战争。

为了使其更加道德,请在清理电脑并将其自身复制到另一台电脑后让您的程序自行删除。

参与僵尸网络的人没有要求参与,那么是否需要要求他们不参与?

你怎么认为?

编辑

正如@Woot4Moo 指出的,我显然在这个领域没有太多背景。

我当然知道你无法真正将道德/伦理与这个问题分开,因为归根结底,我也不希望任何人弄乱我的东西(无论他们的“良好”意图如何)。

我想我的问题更像是(再次试图消除道德)“哪一个在解决问题方面会更有效?”等待被攻击或进攻。这个想法催生了我的“好僵尸网络”想法(一个明显被击败的想法)。

所以我的反问是我们如何继续进攻?攻击命令&控制服务器? (再次强调,烧毁建筑物是违法的,即使它属于暴徒)。或者我们不应该打扰并永远防守? (如果我不知道进攻性举措,请赐教)。

Wouldn't the best way to dismantle a botnet come from writing your own Virus?

Anti-Virus software never plays offense. It simply waits to be attacked by people who have ample time to steal/download/install X software, test its defenses, and deploy new updates to their drones/zombies to exploit X software's weakness. Thus instantly defeating X software (especially if your PC winds up being candidate #1 for testing the new exploit).

So to play offense, why not write your own Anti-Virus Virus.

Ethics/Morality aside, if your wrote a self propagating virus whose sole mission was to take out Zeus, Conficker, Grum, Bobax, etc. you could sit back, relax and watch as your email filter gradually runs out of things to do.

You could be the Batman of the web. Breaking the rules for the greater good! I'm not seriously advocating vigilantism of course, but in theory, you could wage a war against any botnet using the same tactics that a virus/worm/trojan uses.

To keep it more ethical, have your program self delete once it's cleaned a PC and copied itself to another.

The people participating in the botnet didn't ask to participate in it, so should they need to be asked to not participate in it?

What do you think?

EDIT

As @Woot4Moo pointed out, I clearly don't have a lot of background in this field.

And I certainly know you can't truly separate morality/ethics from this question, since at the end of the day I don't want anyone messing with my stuff either (regardless of their "good" intentions).

I guess my question was more along the lines of (again attempting to remove morality) "Which would be more efficient at combating the problem?" Waiting to be attacked or offensively attacking. This idea spawned my "Good Botnet" idea (an idea clearly beaten down).

So my counter question is how do we go on the offense then? Attack the Command & Control Servers? (Again, illegal to burn down a building even if it's owned by the mob). Or should we not bother and play defense forever? (And if I'm ignorant of an offensive initiative then please enlighten me).

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

深者入戏 2024-10-11 18:51:56

这个想法在理论上很有吸引力,并且已经发生了

1) Worm-vs-Worm(补丁想法):2003 年的 Welchia 蠕虫试图在 2003 年的 Blaster 蠕虫之后进行清理,但意外后果的法则(以及一些糟糕的结果)设计选择)开始:带宽饱和,新的攻击向量 http://www.icir.org /vern/worm04/castaneda.pdf

据我所知,这是唯一一次启动反蠕虫病毒。后来的蠕虫病毒(如 Conficker)通过修补漏洞并添加特殊协议功能(仅允许附属的 C& 病毒)来防范这种情况。 C 进入 - 因此该漏洞成为带有代码的后门。

2)劫持C& C 渠道:多个研究小组已经接管僵尸网络来研究它们:UCSB 于 2009 年在 ACM CCS 上发表了一篇公开论文:http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf

公共僵尸网络业务是大笔资金,因此投入了大量工作制作 C & C 通道无懈可击(强加密、去中心化、双通量等),可防止关闭和接管。

附录:

2012/2:Seawave:博士论文< /a>良性第 2 层“拓扑感知漏洞”
缓解蠕虫“
2012 年 1 月:日本/富士通有一个“主动防御”病毒项目(制定了 3 年),声称可以在网络攻击的情况下进行归因和中和
cnet 链接

The idea has appeal in theory, and it has happened

1) Worm-vs-Worm (the patch idea): The Welchia worm in 2003 tried to clean up after the Blaster worm in 2003, but the law of unintended consequences (and some poor design choices) kicked in: bandwidth saturation, new attack vectors http://www.icir.org/vern/worm04/castaneda.pdf

As far as I know, this is the only time that a counter-worm was launched. Later worms (like Conficker) hedge against this by patching the vulnerability and putting in special protocol features that only allow affiliated C & C to get in - so the vulnerability becomes a backdoor with a code.

2) Hijacking the C & C channels: Several research groups have done taken over botnets to study them: UCSB has a public paper at ACM CCS in 2009: http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf

Public botnet business is big money, so a lot of work is put into making the C & C channels unassailable (strong crypto, decentralization, double flux, etc) to prevent the shutdown and takeover.

Addenda:

2012/2: Seawave: PhD thesison benign layer 2 "Topology-Aware Vulnerability
Mitigation Worms "
2012/1: Japan/Fujitsu has an "active-defense" virus project (3 year in making) that claims to attribute and neutralize in case of cyber-attacks cnet link

梦里兽 2024-10-11 18:51:56

从技术角度来看,这可能是可能的,而且我听说它已经在僵尸网络与僵尸网络级别上发生了(找不到参考资料 - 抱歉),如果那里也有研究人员,我不会感到惊讶做类似的事情,尽管出于道德方面的考虑,他们不太可能宣布或吹嘘它。

从道德的角度来看,你可能不应该这样做。您正在将软件安装到其他人的计算机上,并在未经他们许可的情况下随意使用它。这类似于通过客厅窗户闯入某人的房子以确保烟雾警报器仍在工作。如果用户自愿参与(即,他们故意安装该软件),那么就可以了,但那样就会像任何其他防病毒软件一样......同意是这里的关键。

From a technical point of view this is probably possible and I have heard it is already happening at a botnet vs. botnet level (can't find the reference - sorry), and I wouldn't be surprised if there were researchers out there also doing similar things, though they're unlikely to announce it or brag about it due to the ethical concerns.

From an ethical point of view, you probably shouldn't do this. You're installing software onto someone else's machine and mucking around with it without their permission. It would be similar to breaking into someone's house through the living room window to ensure that the smoke alarms are still working. If the users participated in it voluntarily (that is, they deliberately install the software) then it would be OK, but then it would be like any other anti-virus... consent is the key here.

遗弃M 2024-10-11 18:51:56

这不可能发生。理论上听起来不错,但如果他们没有杀了你,你很快就会发现自己进了监狱。你可以简单地将道德抛在一边,按照你的意愿去做。

这与索尼在每张 CD 上放置间谍软件以阻止用户翻录音乐有何不同?它不是。在索尼看来,盗版音乐的人就是坏人,他们采取了类似于你建议的措施来打击它。最终他们被起诉并被处以巨额罚款。教训?仅仅因为您认为需要保护自己的利益,就不能在不公开的情况下将某些内容放在另一台计算机上。绝不。

This cant happen. It sounds good in theory, but if they didnt kill you, you would soon find your self in jail. You can simply push ethics aside and do as you wish.

How is this any different from when Sony put spyware on each CD so they could prevent users from ripping the music? Its not. In Sony's eyes they person who ripped music was the bad guy, and they employed a measure similar to what you suggested to combat it. In the end they got sued and slapped with a huge fine. The lesson? Just because you think you need to protect your interests, it is never ok to put something on another computer without disclosure. Never.

烟酒忠诚 2024-10-11 18:51:56

一些研究人员已经创建了类似的东西,但从未被使用过。这与创建僵尸网络一样非法。而且我认为这不会真正有长期帮助。

Some researcher already created something like this, but this was never used. That is as illegal as creating the botnets in the first place. And I don’t think this would really help for long.

欲拥i 2024-10-11 18:51:56

老实说,这是我听过的最糟糕的想法。你要么缺乏知识,要么故意搞笑。我不要求警察保护我,但如果他们每天向我的车开枪,我肯定会感到不安,你知道,以防万一。此外,通过寻找规避保护的方法,你在研究中赚的钱比通过创建保护赚的钱更多。看看有哪些科学家帮助职业运动员隐藏类固醇的使用。

This is honestly the worst idea I have ever heard, ever. You either have a lack of knowledge or you are intentionally being ridiculous. I don't ask the police to protect me, but I surely would be upset if they shot at my car every day, ya know just in case. Additionally you make more money in research by finding ways to circumvent protection than you do by creating the protection. Look at any scientist whom helps a professional athlete hide steroid use.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文