- It turns the malware's own systems against it, like fighting fire with fire, but smarter
- Echo uses the malware's update channel to deliver a digital self-destruct
- The Georgia Tech tool cleans up botnets
Malware infections, especially those linked to botnets, continue to cause significant damage to business systems, often without being detected until it is too late.
As Techxplore reports, researchers from Georgia Tech have developed a tool called Echo that turns the tables by using the malware's own infrastructure to eliminate it.
Echo exploits a key feature of many malware strains: built-in remote update mechanisms. By identifying and reusing these mechanisms, Echo can deploy a custom payload that disables the malware from the inside.
A remedy that spreads over the botnet's own channels
Botnets, networks of infected computers controlled by malicious actors, have long posed a serious cybersecurity threat. They can disrupt workflows, expose confidential data and inflict financial losses.
Eliminating a botnet is usually a tedious manual process that can take days or even weeks. Echo aims to change that. In tests, it successfully neutralized 523 of 702 Android malware samples, a success rate of 75%.
The idea of hijacking malware communication channels is not entirely new. In 2019, Avast and the French authorities collaborated to dismantle the Retadup botnet in Latin America. While it succeeded, the effort was hard to reproduce.
“This is a really good approach, but it was extremely laborious,” said Brendan Saltaformaggio, an associate professor at Georgia Tech. “So my group got together and realized that we have the research to make this a scientific, systematic and reproducible technique, instead of a one-off, human-driven and miserable effort.”
Echo works by first mapping how the malware deploys code to itself. It then analyzes whether those deployment channels can be reused to carry a new, benign payload that disables the original infection.
Once validated, this remediation code is tested and deployed. The process significantly reduces botnet response time and limits the potential damage.
The tool, now open source on GitHub, is not intended to replace traditional security solutions but to complement them.
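The three stages just described (map the update channel, check whether it can carry a benign payload, test the payload before deploying it) are easier to reason about with a concrete model. The following is an added illustration written for this article, not the Georgia Tech Echo code: the `Sample` records stand in for what a static pass would recover from a sample, the `Bot` class and its `apply_update` handler are a constructed toy bot, and the four-entry corpus is constructed data. One reason a channel might not be reusable, modelled here as an assumption, is that updates are verified with a key the analyst cannot recover from the sample (the `rsa` case); the "sinkhole" strategy of repointing the C2 at a harmless address is likewise an assumed fallback, not something the article attributes to Echo.

```python
"""Toy model of the three stages: map a sample's update channel, plan a benign
payload it will accept, test that payload on a copy of the bot, then deliver it.
Added illustration, not the Echo project's code; every sample here is constructed."""
import copy
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

SINKHOLE = "http://127.0.0.1/"  # assumed benign replacement for the C2 address


@dataclass
class Sample:
    """What a static pass is assumed to recover from one (constructed) sample."""
    name: str
    update_url: str
    verify: str            # "none", "hmac" (key embedded in the sample) or "rsa"
    key: Optional[bytes]   # symmetric key recovered from the sample, if any
    actions: frozenset     # manifest actions the sample's update handler accepts


@dataclass
class Bot:
    """Runtime state the sample's own update handler operates on (constructed)."""
    sample: Sample
    running: bool = True
    c2: str = "http://c2.example/"

    def apply_update(self, blob: bytes, tag: bytes) -> bool:
        """The bot's update handler: verify the manifest, then act on it."""
        s = self.sample
        if s.verify == "hmac":
            want = hmac.new(s.key, blob, hashlib.sha256).digest()
            if not hmac.compare_digest(want, tag):
                return False
        elif s.verify == "rsa":
            return False  # toy: only the operator's private key could sign this
        action = json.loads(blob).get("action")
        if action not in s.actions:
            return False
        if action == "kill":
            self.running = False
        elif action == "set_c2":
            self.c2 = json.loads(blob)["c2"]
        return True

    def neutralized(self) -> bool:
        return not self.running or self.c2 == SINKHOLE


def map_channel(s: Sample) -> dict:
    """Stage 1: describe how the sample deploys code to itself."""
    signable = s.verify == "none" or (s.verify == "hmac" and s.key is not None)
    return {"url": s.update_url, "verify": s.verify,
            "signable": signable, "actions": set(s.actions)}


def plan_payload(chan: dict) -> Optional[dict]:
    """Stage 2: pick a benign manifest the channel will accept, or None."""
    if not chan["signable"]:
        return None                                   # cannot forge a valid update
    if "kill" in chan["actions"]:
        return {"action": "kill"}                     # stop the bot outright
    if "set_c2" in chan["actions"]:
        return {"action": "set_c2", "c2": SINKHOLE}   # cut it off from its operator
    return None                                       # no reusable action found


def sign(s: Sample, manifest: dict) -> tuple:
    blob = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(s.key, blob, hashlib.sha256).digest() if s.verify == "hmac" else b""
    return blob, tag


def remediate(bot: Bot) -> str:
    """Stage 3: validate the payload on a copy, then deliver it over the channel."""
    manifest = plan_payload(map_channel(bot.sample))
    if manifest is None:
        return "not_reusable"
    blob, tag = sign(bot.sample, manifest)
    trial = copy.deepcopy(bot)  # never touch the live bot with an untested payload
    if not (trial.apply_update(blob, tag) and trial.neutralized()):
        return "validation_failed"
    bot.apply_update(blob, tag)
    return "disabled" if not bot.running else "sinkholed"


def run_campaign(bots) -> tuple:
    """Remediate every bot; return per-sample outcomes and the success rate."""
    results = {b.sample.name: remediate(b) for b in bots}
    ok = sum(r in ("disabled", "sinkholed") for r in results.values())
    return results, ok / len(bots)


# Constructed corpus of four samples (not real malware families).
CORPUS = [
    Sample("a", "http://upd.example/a", "hmac", b"k1", frozenset({"kill", "set_c2"})),
    Sample("b", "http://upd.example/b", "none", None, frozenset({"set_c2"})),
    Sample("c", "http://upd.example/c", "hmac", b"k3", frozenset({"kill"})),
    Sample("d", "http://upd.example/d", "rsa", None, frozenset({"kill"})),
]

if __name__ == "__main__":
    print(run_campaign([Bot(s) for s in CORPUS]))
```

The point of the `trial` copy in `remediate` is the validation step the article mentions: a payload that the handler rejects, or that is accepted but leaves the bot active, is caught before anything is sent to a live infection. The `rsa` sample shows the other side of the 75% figure: when the update channel is authenticated with material the analyst cannot recover, there is nothing to reuse.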
“We can never achieve a perfect solution, but we can raise the bar high enough that it is not worth it for an attacker to use malware in this way,” said Saltaformaggio.
Organizations that use antivirus, EPP and other malware protection tools can turn to Echo to speed up remediation once a breach is detected.