|Mira is a botnet worm that has infected lots of internet things like cameras etc.|
The problem is that nobody has taken security seriously when it comes to the internet of things.
The Chinese company Hangzhou Xiongmai Technology Co. has produced many of the gadgets that can be identified by Mira.
The reason is that their products come with a list of known admin passwords that cannot be changed!
So the software for these systems can easily be hacked so that the hacker can get admin access, and make the gadgets slaves in a botnet attack.
Now this is bad news for the internet so this guy - Leo Linsky - made an antiworm that he called "anti Mira botnet" and published it on Github.
He simply analysed the Mira botnet code and made it change the passwords on vulnerable gadgets.
...and that is illegal!
So the code stayed on Github for a short while before it was removed.
Now both the bad Mira worm and the nice anti Mira worm are treated the same in the eyes of the security business and it is a fact that it is not legal to log in on other people's systems without permission - even if you have the best of motives (seems to be exceptions for the NSA and gov agencies).
There is no doubt that the anti worm could prevent the negative effects of Mira and stop botnet attacks :
The ethics of this are interesting. While probably technically illegal to run, would you have any legal defence for running it? For example, if you can prove that you’re only ‘closing the door’ on an already-compromised node, is this any defence?
Maybe it is time to break some eggs to make an omelette?
Should the antiworm be put back on Github?