Tehtri Security research Laurent Oudot has determined that most people who attack servers get their hacking software from freely available malware kits on the Web, rather than creating their own custom scripts. These kits often contain poorly written code that can itself be exploited.
What does all of that mean to you? Oudot says it means that you can fight fire with fire, turning the attacker’s own malware against him. The next time someone attacks your server, hacking the malware can reveal a trail of IP addresses that may even lead all the way back to the attacker’s personal computer.
Oudot admits that there may be legal issues if you decide to turn into a cyber-Batman, but says that he demonstrated that it could be done, at the SyScan 2010 security conference in Singapore, in order to “open new way[s} to think about IT security worldwide”. Right, Mr. Oudot. You just handed every victim a loaded gun and told them there may be “legal issues” in retaliating. Malware attackers, you’ve been warned.