Equipped with the best capacities of a computer worm, Hopper, developed by a company specialized in cybersecurity, renders proud services to the community.
If it occupies a more distant place in the credits of the cybersecurity film, behind ransomware for example, the computer worm is nonetheless a piece of malicious software like any other. It continues to circulate around the world, where it sometimes does great damage. The MyDoom worm alone has caused over $52 billion in damages. But cybersecurity is sometimes a very surprising subject. There is indeed, somewhere in the cyber world, a worm that does good. He even has a name: Hopper. And no, he’s not Hawkins Chief of Police.
Hopper, a benevolent worm that is not a blue
By definition, a worm exploits known computer vulnerabilities to insert itself into many machines. It spreads autonomously and initially hides in messaging services, free downloaded software (most often via peer-to-peer networks) or emails. At best, it will slow down the devices it embeds itself on, and at worst, it can drop malware (even ransomware) on a machine, often in a very sneaky way. Yes, the worm is very discreet and not very boastful.
Detection and protection tools can have trouble spotting worms. So what better than a worm to get rid of a worm that can bypass Privileged Access Management (PAM) or launch an attack aimed at identity theft? This is the good idea that had the experts of Cymulate, a Texas company specializing in end-to-end IT security management for companies.
This is how they created Hopper, a worm with command and control, but also built-in elevation of privileges as well as other hidden abilities that allow him to enjoy the perfect panoply of the sneaky little worm. Except that Hopper is doing good, on behalf of the White Hat hackers, or ethical hackers, of the company who, thanks to him, understand how a worm could infiltrate this or that network, and how far it could go.
A worm that brings answers to defenders
Hopper is based on a common malware programmer, actually a small executable that acts as an initial payload, the purpose of which is to prepare a larger payload. The worm was designed so that the initial payload would not have to be modified if Cymulate updates it.
To maximize Hopper’s flexibility, experts have added different initial execution methods, additional communication methods, and various injection methods, among others. In order to create a stealth worm, it was necessary to allow maximum customization of its functionalities.
The interest of exploiting its own worm makes it possible to learn more about the behavior of this malware, and thus to further help defenders to better anticipate its evolution and the potential devastation it can cause. Like what, it was enough to think about it.
On the same subject :
“There is a lack of more than 15,000 cybersecurity experts in France” (Microsoft)
Source : The Hacker News
15