Hacker's tool combats killer viruses
Linux-based program could mean sticky end for worms
A self-confessed "white hat" hacker has created a tool allowing network administrators to fight back against worms like Code Red and Nimda.
The open source Linux based 'LaBrea', named after the tar pits of Los Angeles, is designed to trap worms such as Code Red and Nimda while they're scanning for vulnerable hosts, effectively holding them in a 'tar pit' forever.
Tom Liston, the author of LaBrea and webmaster of the Hackbusters.net security site, described LaBrea as "a program that creates a tarpit or, as some have called it, a 'sticky honeypot'."
He explained that LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts sent out by infected machines.
LaBrea answers those connection attempts in a way that causes the machine at the other end to get "stuck" in the tar pit, for an indefinite period of time.
The tool is free under General Public License and basically transforms unused network resources into decoy machines that tie up malicious threads. It renders them harmless, as worm threads trapped in the tar pit are unable to move on to attack other machines.
It consumes next to nothing in terms of resources, hogging about 110 bytes per second of bandwidth.
Originally, LaBrea was created as a counter-measure to Code Red, but this week has successfully been tested on Nimda. There is no reason it could not be used to trap other worms.
Liston has a list of infected machines currently being held on the Hackbuster website. He claims to have over one thousand Nimda infected machines and 300 Code Red infected machines currently stuck in his tar pits. Some have been trapped for over a week.
Although his own efforts may be stopping just a handful of machines from infecting the internet, if the concept is taken up by the internet community, it could help to stop worms like Nimda in their tracks.
Rob Rosenberger, editor of virus information site Vmyths.com, said: "LaBrea gives its users a tactical advantage over 'zombie' computers like those compromised by the Code Red worms. The computer security industry will find it a very intriguing utility."
More information, and the tool itself, can be found at Hackbusters
Further reading
V3 Latest
First plant to grow on the Moon, err, dies
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite news and updates: Fortnite made $2.4bn in 2018, according to SuperData
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Japanese firm sends micro-satellites into space to deliver artificial meteor showers on demand
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago