Well, it's a good idea and has already been done, btw. It's been discussed many times on the honeypot group. This is definately OT, but someone tested this on their local network with the blaster virus (proof-of-concept). End result was it worked, but as I recall their was a lot of talk about the multiple laws it breaks and such. You could if you really wanted to, do this via a honeypot, but I wouldn't recommend it. It's generally frowned upon to take an offensive approach. At any rate, this is getting really off topic for this group...so I'm just ganna put my foot in my mouth now. :)
-- Jon Fred said: > Sorry for the off topic, the low list traffic had me thinking. > > I thought of a dirty trick to fight back against the spammers who are > creating trojans with backdoors. > > I'm thinking one might be able to create an evil program to scan for these > infections and close them down. > > If a backdoor exists which allows myDoom.b to infect the system through > the previous mydoom.a infection, it should be therotically possible to > infect the system with a nice trojan to remove previous infections and > inform the (L)user what just happened. > > This concept was done before (welchia?) but they made a bad choice. My > intent is not to infect them with a copy of said evil program but only to > close the infection and inform the user, no harm done. > > I'm thinking this would be just as bad as creating a virus, but at least > someone was fighting for the people! > > Sysadmins need to do something to take control of their networks. At > least a million infections of .a, that means a lot more zombies to send > spam and attack our blacklists. > > > Frederic Tarasevicius >
