Malware Counterattack: Hacking the Hackers

According to a news article on Government Computer News, federal agencies can, and may already, be using attackers’ own malware code against them. Security expert Andrzej Dereszowski demonstrated how this would work at the recent Black Hat Europe security conference.

Andrzej analyzed the source code of a .pdf Trojan. He then compared that source code to known Remote Access Toolkit programs and found a match. He then ran exploit attacks against the toolkit itself until he found an error in the program: a buffer overflow.

Then, analyzing the buffer overflow, he created his own exploit to work against the Trojan. Using a Metasploit shell, he was able to connect back to the malware’s command and control server using the malware’s own communication techniques. He was then able to fully access the command and control server, effectively hacking the hackers.

The connection back to the server would be hard, if not impossible, to detect, because it would appear to be just another malware-infected client checking in. This type of counterattack could theoretically be used against the majority of current threats. All that would be needed is technical experts like Andrzej to decompile and reverse engineer the source code.

Currently, it is against federal law for civilians to counterattack a hacker. But one could assume that federal agencies are already using these techniques. Now, what would be very interesting is if the next version of Einstein (the government’s automated intrusion protection system) had a database of exploited malware code. When the system detected an attack, it could analyze the incoming attack, determine what malware the attack is based on, and automatically execute the reverse attack, all on the fly and in real time.

Cool stuff. A PowerPoint of Andrzej’s presentation can be found on Black Hat Europe’s website.

D. Dieterle

*** Check out Rsignia’s new offensive cyber weapon. It can jam hackers, capture data from hackers and change it before resending it, and best of all, it can install code on botnet zombies attacking your network and turn them against each other!


5 thoughts on “Malware Counterattack: Hacking the Hackers”

  1. Every time I think this subject can’t get any cooler, something like this comes out and proves me wrong. I just wish we could auto-download this kind of skill right into our brain cases, “Johnny Mnemonic” style. LOL

    Seriously though, what a pro to be able to do something like this! These kinds of things tend to change the entire game….

    1. Yeah, that would be awesome to just plug into a computer system Matrix style and download the skills.

      These guys that can reverse engineer and custom code really separate the men from the boys when it comes to computer security. We need a bunch of them on a US government Delta Force type hacking team.

  2. Computer forensics is becoming increasingly necessary. Crime has increased in the last ten years and is one of the most common methods of committing crime. Millions of dollars are lost each year, theft of computer data. This work led to an increase in computer forensic-LED.
