June 19, 2010 by Andre Jackson
It’s always satisfying to see the baddies getting beaten at their own game, and news today suggests that web criminals are just as at risk of malicious attacks online as the people they target with malware.
A recent study has discovered that the tools used by many cyber criminals are not very secure, because they are full of programming bugs and gaps which make them vulnerable to outside interference. Just as professional gardeners tend to have shabby back yards, and chefs bring a take-away home after work, it seems cyber criminals are not very good at safeguarding their software from attack.
Security experts are suggesting that it will be possible to exploit the vulnerabilities within attack tools, and turning them against those who are deploying them. The bugs in the software mean that security experts could establish which individuals were using the tools, and manipulate the software to launch counter attacks on the individuals behind the malicious activity.
Although a few cybercriminals programme their own tools, many use generic software (malware kits) that are available online. These programs bundle everything required to launch a malware attack in one handy kit.
French computer security researcher Laurent Oudot from Tehtri Security has analysed the inner workings of many of these malware kits to see how secure they are. He found that many kits which are the most popular, also have huge security loopholes which would make it easy to turn the tables and attack the attackers.
Exploiting these loopholes and vulnerabilities will give security experts an opportunity to gather information about the people behind malware attacks, identifying who they are, where they are located, and perhaps even confiscating their tools and equipment to prevent further criminal activity from taking place. Mr Oudot acknowledged that using the loopholes might “lead to legal issues” but said the research was done to “open new way to think about IT security, worldwide”.
Related posts:
