{"id":665325,"date":"2025-04-25T16:30:24","date_gmt":"2025-04-25T13:30:24","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/a-new-automated-removal-tool-can-stop-most-remote-controlled-malware\/"},"modified":"2025-04-25T16:30:24","modified_gmt":"2025-04-25T13:30:24","slug":"a-new-automated-removal-tool-can-stop-most-remote-controlled-malware","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/a-new-automated-removal-tool-can-stop-most-remote-controlled-malware\/","title":{"rendered":"A new automated removal tool can stop most remote-controlled malware"},"content":{"rendered":"<div>\n<div class=\"article-gallery lightGallery\">\n<div data-thumb=\"https:\/\/scx1.b-cdn.net\/csz\/news\/tmb\/2025\/spy-vs-spy-a-new-autom.jpg\" data-src=\"https:\/\/scx2.b-cdn.net\/gfx\/news\/2025\/spy-vs-spy-a-new-autom.jpg\" data-sub-html=\"formal model instantiated from the Youku sample. Credit: Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse. https:\/\/www.ndss-symposium.org\/ndss-paper\/hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse\/\">\n<figure class=\"article-img\">\n            <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/scx1.b-cdn.net\/csz\/news\/800a\/2025\/spy-vs-spy-a-new-autom.jpg\" alt=\"Spy vs. spy: A new automated removal tool can stop most remote-controlled malware\" title=\"formal model instantiated from the Youku sample. Credit: Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse. https:\/\/www.ndss-symposium.org\/ndss-paper\/hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse\/\" width=\"800\" height=\"530\"\/><figcaption class=\"text-darken text-low-up text-truncate-js text-truncate mt-3\">\n                formal model instantiated from the Youku sample. 
Credit: Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse. https:\/\/www.ndss-symposium.org\/ndss-paper\/hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse\/<br \/>\n            <\/figcaption><\/figure>\n<\/p><\/div>\n<\/div>\n<p>Cyberattacks can snare workflows, put vulnerable client information at risk, and cost corporations and governments millions of dollars. A botnet\u2014a network infected by malware\u2014can be particularly catastrophic. A new Georgia Tech tool automates the malware removal process, saving engineers hours of work and companies money.<\/p>\n<p>The tool, ECHO, turns malware against itself by exploiting its built-in update mechanisms and preventing botnets from rebuilding. ECHO is 75% effective at removing botnets. Removing malware used to take days or weeks, but it can now be done in a few minutes. Once a security team realizes their system is compromised, they can now deploy ECHO, which works fast enough to prevent the botnet from taking down an entire network.<\/p>\n<p>&#8220;Understanding the behavior of the malware is usually very hard with little reward for the engineer, so we&#8217;ve made an automatic solution,&#8221; said Runze Zhang, a Ph.D. 
student in the School of Cybersecurity and Privacy (SCP) and the School of Electrical and Computer Engineering.<\/p>\n<p>The researchers presented the <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.ndss-symposium.org\/ndss-paper\/hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse\/\" target=\"_blank\">paper<\/a>, &#8220;Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse,&#8221; at February&#8217;s Network and Distributed System Security (<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.ndss-symposium.org\/ndss2025\/\" target=\"_blank\">NDSS 2025<\/a>) Symposium. ECHO&#8217;s open-source code is <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/github.com\/CyFI-Lab-Public\/ECHO\" target=\"_blank\">available<\/a> on GitHub.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Botnet_backstory\"><\/span>Botnet backstory<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Botnets have been a problem since the 1980s and have grown in potency recently. In 2019, for example, a vicious malware called Retadup compromised Windows systems throughout Latin America. A Czech cybersecurity company, Avast, partnered with the French government to take down this bot. They reverse-engineered the malware, effectively creating a &#8220;vaccine&#8221; for it in the process. As effective as that solution was, it wasn&#8217;t easily replicable.<\/p>\n<p>Brendan Saltaformaggio saw an opportunity, though.<\/p>\n<p>&#8220;This is a really good approach, but it was extremely labor-intensive,&#8221; said Saltaformaggio, an associate professor in SCP. 
&#8220;So, my group got together and realized we have the research to make this a scientific, systematic, reproducible technique, rather than a one-off, human-driven, miserable effort.&#8221;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Botnet_breakdown\"><\/span>Botnet breakdown<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>ECHO eradicates malware in three stages. First, it determines how the malware deploys its malicious code. Then, ECHO identifies the capabilities of this deployment mechanism and discovers how they can be repurposed for remediation. Next, it builds a remediation code that leverages these same mechanisms to disable the malware. That code is then tested and eventually pushed out to the system. The team tested ECHO on 702 Android malware samples and successfully stopped malware in 523 of them.<\/p>\n<p>They hope ECHO&#8217;s success will halt attackers in their tracks.<\/p>\n<p>&#8220;A way we approach problems in our lab is to find the tradeoff between the attackers&#8217; effort versus our effort to fight them,&#8221; Saltaformaggio said. &#8220;We can never achieve a perfect solution, but we can raise the bar high enough for an attacker that it wouldn&#8217;t be worth it for them to use malware this way.&#8221;<\/p>\n<p>With tools like ECHO, botnets can be removed before they cause economic and operational damage. Malware is ever-evolving, but Saltaformaggio and his team are improving their methods along with it. The next malware attack is imminent\u2014but so is the solution.<\/p>\n<div class=\"article-main__more p-4\">\n<p><strong>More information:<\/strong><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\tHitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse. 
<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.ndss-symposium.org\/ndss-paper\/hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse\/\" target=\"_blank\">www.ndss-symposium.org\/ndss-pa \u2026 de-deployment-reuse\/<\/a><\/p>\n<\/div>\n<div class=\"d-inline-block text-medium my-4\">\n                                                Provided by<br \/>\n                                                                                                    Georgia Institute of Technology<br \/>\n                                                    \t\t\t\t\t\t\t\t\t\t\t\t\t<a rel=\"nofollow\" target=\"_blank\" class=\"icon_open\" href=\"http:\/\/www.gatech.edu\/\" target=\"_blank\" rel=\"nofollow\"><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<svg>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<use href=\"https:\/\/techx.b-cdn.net\/tmpl\/v2\/img\/svg\/sprite.svg#icon_open\" x=\"0\" y=\"0\"\/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/svg><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/a><\/p><\/div>\n<p>                                        <!-- print only --><\/p>\n<div class=\"d-none d-print-block\">\n<p>\n                                                <strong>Citation<\/strong>:<br \/>\n                                                Spy vs. 
spy: A new automated removal tool can stop most remote-controlled malware (2025, April 25)<br \/>\n                                                retrieved 25 April 2025<br \/>\n                                                from https:\/\/techxplore.com\/news\/2025-04-spy-automated-tool-remote-malware.html\n                                            <\/p>\n<p>\n                                            This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no<br \/>\n                                            part may be reproduced without the written permission. The content is provided for information purposes only.\n                                            <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techxplore.com\/news\/2025-04-spy-automated-tool-remote-malware.html\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>formal model instantiated from the Youku sample. Credit: Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse. https:\/\/www.ndss-symposium.org\/ndss-paper\/hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse\/ Cyberattacks can snare workflows, put vulnerable client information at risk, and cost corporations and governments millions of dollars. A botnet\u2014a network infected by malware\u2014can be particularly catastrophic. 
A new Georgia Tech tool automates the malware removal&#8230;<\/p>\n","protected":false},"author":1,"featured_media":665326,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/scx2.b-cdn.net\/gfx\/news\/2025\/spy-vs-spy-a-new-autom.jpg","fifu_image_alt":"","footnotes":""},"categories":[16],"tags":[],"class_list":["post-665325","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sciencee"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/665325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=665325"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/665325\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/665326"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=665325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=665325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=665325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}