This is not a new idea and reminds me of certain ‘anti-virus virus’ bootsectors that were commonplace on those venerable late 80′s/early 90′s machines – the Atari ST and the Commodore Amiga. These were bootsectors that spread like viruses, specifically targetting known viruses and ‘immunising’ new floppies against infection, effectively by simulating an infection.

The problems with these soon became apparent. Firstly, they sometimes made mistakes, and ‘immunised’ disks that were not meant to be modified – usually games, but often demos as well. Such pieces of software had clever loaders and bootsectors that would create a false positive and after immunisation they would become corrupted and non-functional.

The second (and probably more relevant to today) was that the ‘good’ viruses contained functional replication code which provided the bad guys with a really nice starting point… by reverse engineering the anti-virus viruses, you could insert a real payload and suddenly you had a wealth of new viruses appear which were variants of that common theme.

Mapping that onto today’s world, this leaves two main challenges as I see it. Firstly, if a ‘good’ botnet was to start tracking down and cleaning up infected hosts, who is to blame if something goes wrong and problems arise.. problems that may range from minor data corruption through data loss and potentially system disablement. The evil botnetter doesn’t care, they’ll just go for it. The good guys, on the other hand surely have some duty of care (and ultimate responsibility) for the results of their code being deployed on peoples systems.

The second challenge is one of reverse engineering / hijacking. One thing that does seem pretty certain is that many of the botnets are actually running very sophisticated software, and certainly Conficker C looks to be right up there (interestingly, at the time of writing the payload kicks off today, April 1). What could be the consequences of similar quality code, developed by government/sanctioned organisation/whoever being ‘cracked’ and turned into something malevolent?

I guess the problem is as much political and moral as it is technical. For sure, something will have to be done otherwise the logical conclusion is that the entire Internet becomes a playground for malware. Some would say it already is, but it looks as if it can only get worse.

I’m not sure I have the answers, but certainly the article raised some interesting questions in my head.

Eddy.

Cisco Systems Inc. has long occupied its own niche, supplying routers and other devices that complement the server systems sold by companies such as Hewlett-Packard Co. and International Business Machines Corp. That picture may soon change.

Read More:
http://blogs.wsj.com/biztech/2008/12/12/cisco-pushing-further-into-the-data-center/