- Echo turns malware's own systems against it, like fighting fire with fire, but smarter
- Echo uses the malware's update chain to push a digital self-destruct
- Georgia Tech's tool makes botnet cleanup almost automatic
Malware infections, in particular those linked to botnets, continue to cause major damage to business systems, often going undetected until it is too late.
TechXplore reports that Georgia Tech researchers have developed a tool called Echo that turns the tables by using the malware's own infrastructure to delete it.
Echo takes advantage of a key feature of many malware strains: built-in remote update mechanisms. By identifying and reusing these mechanisms, Echo can deploy a custom payload that deactivates the malware from the inside.
A self-destruct remedy for botnets
Botnets – networks of infected computers controlled by malicious actors – have long been a serious cybersecurity threat. They can halt workflows, expose sensitive data and inflict financial losses.
Taking down a botnet is usually a tedious manual process that can take days or even weeks. Echo aims to change this. In testing, it managed to neutralize 523 of the 702 Android malware samples, reaching a success rate of 75%.
The idea of hijacking malware communication channels is not entirely new. In 2019, Avast and French authorities collaborated to dismantle the Retadup botnet in Latin America. Although successful, the effort was difficult to reproduce.
“This is a very good approach, but it was extremely labor-intensive,” said Brendan Saltaformaggio, an associate professor at Georgia Tech. “So, my group met and realized that we have the research to make it a scientific, systematic and reproducible technique, rather than a single, human-driven effort.”
Echo works by first mapping how the malware deploys code. It then analyzes whether these deployment channels can be reused to carry a new benign payload that deactivates the original infection.
Once validated, this remediation code is tested and deployed. The process considerably reduces botnet response time and limits potential damage.
The tool, now openly available on GitHub, is not intended to replace traditional security solutions but to complement them.
“We can never reach a perfect solution, but we can raise the bar high enough for an attacker so that it is not worth it for them to use malicious software in this way,” said Saltaformaggio.
Organizations using antivirus, EPP and other malware protection tools can turn to Echo to streamline cleanup once a breach is detected.