
nanog mailing list archives

Re: Quarantine your infected users spreading malware
From: Michael.Dillon () btradianz com
Date: Tue, 21 Feb 2006 10:08:51 +0000


How do you get the unwashed masses of ISPs
to join the choir so you can preach to them?

Why not just bypass them and go direct to the unwashed
masses of end users? Offer them a free Windows
infection blocker program that imposes the quarantine
itself locally on the user's machine. This program
would use stealth techniques to hide itself in the
user's machine, just like viruses do. And this program
would do nothing but register itself with an encoded
registry, and listen for an encoded command to activate
itself. Rather like a botnet except with the user's
consent and with a positive goal.

When the community of bot/worm researchers determines
that this machine is infected, they inform the central
registry using their own encoded signal. When enough
"votes" have been collected, the registry sends the
shutdown signal to the end user, thus triggering the
blocker program to quarantine the user.

At this point a friendly helpful webpage pops up
and guides the user through the disinfection process.

Unlike antivirus software, the application on the user's
computer does not need to detect malware and it needs
no database updates. It does only one thing and it relies
on the collective intelligence of the anti-malware community.

This won't stop worms or botnets, but it will slow them down
and it will greatly speed the cleanup process.

--Michael Dillon
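
The vote-and-trigger flow proposed in this message, sketched as an added example that is not part of the original post or any existing tool. It assumes HMAC-SHA256 with pre-shared keys as the "encoded" signals and a quorum of 3 distinct researchers; all names, keys and ids are hypothetical.

```python
import hmac, hashlib

QUORUM = 3  # assumed threshold; the post only says "enough votes"

def tag(key: bytes, *fields: str) -> str:
    """HMAC-SHA256 over length-prefixed fields (assumed stand-in for the 'encoded signal')."""
    msg = b"".join(len(f).to_bytes(2, "big") + f.encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Registry:
    def __init__(self, researcher_keys, client_keys):
        self.researcher_keys = researcher_keys  # researcher id -> shared key
        self.client_keys = client_keys          # machine id -> key set at registration
        self.votes = {}                         # machine id -> set of researcher ids

    def vote(self, researcher, machine, mac):
        """Record one authenticated vote; return a quarantine command once quorum is met."""
        key = self.researcher_keys.get(researcher)
        if key is None or machine not in self.client_keys:
            return None  # unknown researcher or unregistered machine
        if not hmac.compare_digest(mac, tag(key, "vote", researcher, machine)):
            return None  # forged or corrupted vote
        voters = self.votes.setdefault(machine, set())
        voters.add(researcher)  # a set, so repeat votes from one researcher count once
        if len(voters) < QUORUM:
            return None
        return {"machine": machine, "action": "quarantine",
                "mac": tag(self.client_keys[machine], "quarantine", machine)}

def client_accepts(machine, client_key, command):
    """Blocker-side check: act only on a command bound to this machine and its key."""
    if command is None or command.get("machine") != machine:
        return False
    expected = tag(client_key, "quarantine", machine)
    return (command.get("action") == "quarantine"
            and hmac.compare_digest(command.get("mac", ""), expected))

def demo():
    # Constructed keys and ids, for illustration only.
    rk = {f"r{i}": f"researcher-key-{i}".encode() for i in range(1, 4)}
    reg = Registry(rk, {"pc-42": b"client-key-42"})
    forged = reg.vote("r1", "pc-42", "00" * 32)
    cmds = [reg.vote(r, "pc-42", tag(k, "vote", r, "pc-42")) for r, k in rk.items()]
    return forged, cmds
```

Counting distinct authenticated voters rather than raw messages is what keeps a single compromised or mistaken reporter from quarantining a machine alone.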

