Hacker's tool combats killer viruses
Linux-based program could mean sticky end for worms
A self-confessed "white hat" hacker has created a tool allowing network administrators to fight back against worms like Code Red and Nimda.
The open source Linux based 'LaBrea', named after the tar pits of Los Angeles, is designed to trap worms such as Code Red and Nimda while they're scanning for vulnerable hosts, effectively holding them in a 'tar pit' forever.
Tom Liston, the author of LaBrea and webmaster of the Hackbusters.net security site, described LaBrea as "a program that creates a tarpit or, as some have called it, a 'sticky honeypot'."
He explained that LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts sent out by infected machines.
LaBrea answers those connection attempts in a way that causes the machine at the other end to get "stuck" in the tar pit, for an indefinite period of time.
The tool is free under General Public License and basically transforms unused network resources into decoy machines that tie up malicious threads. It renders them harmless, as worm threads trapped in the tar pit are unable to move on to attack other machines.
It consumes next to nothing in terms of resources, hogging about 110 bytes per second of bandwidth.
Originally, LaBrea was created as a counter-measure to Code Red, but this week has successfully been tested on Nimda. There is no reason it could not be used to trap other worms.
Liston has a list of infected machines currently being held on the Hackbuster website. He claims to have over one thousand Nimda infected machines and 300 Code Red infected machines currently stuck in his tar pits. Some have been trapped for over a week.
Although his own efforts may be stopping just a handful of machines from infecting the internet, if the concept is taken up by the internet community, it could help to stop worms like Nimda in their tracks.
Rob Rosenberger, editor of virus information site Vmyths.com, said: "LaBrea gives its users a tactical advantage over 'zombie' computers like those compromised by the Code Red worms. The computer security industry will find it a very intriguing utility."
More information, and the tool itself, can be found at Hackbusters
Further reading
V3 Latest
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
Intel NUC latest news: Intel releases two new NUCs and five NUC kits
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
Apple fanboy hacks company network - saves purloined files in folder called 'hacky hack hack'
'Notorious' Australian child hacker thought he had executed 'flawless' hack
Ex-employee accuses Tesla of spying on workers and ignoring drug cartel operating in Gigafactory
The former employee says that Tesla fired him for bringing the accusations to management internally
Most read
