Poll: Is it o.k. to remove malware remotely without informing the infected machine's owner?
October 25th, 2006, 10:07 PM
Ethics and computer security
The highly successful Bagle worm was capable of being removed remotely.
From F-Secure: http://www.f-secure.com/v-descs/bagle.shtml
"F-Secure can confirm that the remote removal method found by Joe Stewart of Lurhq does indeed work.
Sending a specific byte sequence to port 6777 on the infected computers causes the worm to delete itself from the System Directory and terminate its process. The registry values are not removed but since the file does not exist Windows will ignore those.
The byte sequence to be sent:
0x43 0xff 0xff 0xff 0x00 0x00 0x00 0x00 0x04 0x31 0x32 0x00
Please note that the usage of this method against someone else's computers might be legally questionable."
F-Secure notes above that using this method is legally questionable when run against someone else's computer. Putting aside the legality of this method (although anyone who has worked in "cyber" law, please comment), I am curious if the community thinks the method is morally acceptable.
Last edited by stevel; October 25th, 2006 at 10:33 PM.