{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:19:33Z","timestamp":1754158773052,"version":"3.41.2"},"reference-count":21,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2016,7,11]],"date-time":"2016-07-11T00:00:00Z","timestamp":1468195200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2016,7,11]]},"abstract":"\nPurpose<\/jats:title>\nThis paper proposes an approach to deal with malware and botnets, which in recent years have become one of the major threats in the cyber world. These malicious pieces of software can cause harm not only to the infected victims but also to actors at a much larger scale. For this reason, defenders, namely, security researchers and analysts, and law enforcement have fought back and contained the spreading infections. However, the fight is fundamentally asymmetric.<\/jats:p>\n<\/jats:sec>\n\nDesign\/methodology\/approach<\/jats:title>\nIn this paper, the authors argue the need to equip defenders with more powerful active defence tools such as malware and botnets, called antidotes, which must be used as last resort to mitigate malware epidemics. Additionally, the authors argue the validity of this approach by considering the ethical and legal concerns of leveraging sane and compromised hosts to mitigate malware epidemics. Finally, the authors further provide evidence of the possible success of these practices by applying their approach to Hlux, Sality and Zeus malware families.<\/jats:p>\n<\/jats:sec>\n\nFindings<\/jats:title>\nAlthough attackers have neither ethical nor legal constraints, defenders are required to follow much stricter rules and develop significantly more intricate tools. Additionally, attackers have been improving their malware to make them more resilient to takeovers.<\/jats:p>\n<\/jats:sec>\n\nOriginality\/value<\/jats:title>\nBy combining existing research, the authors provide an analysis and possible implication of a more intrusive yet effective solution for fighting the spreading of malware.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-01-2015-0004","type":"journal-article","created":{"date-parts":[[2016,7,6]],"date-time":"2016-07-06T07:28:41Z","timestamp":1467790121000},"page":"288-296","source":"Crossref","is-referenced-by-count":0,"title":["Fight fire with fire: the ultimate active defence"],"prefix":"10.1108","volume":"24","author":[{"given":"Armando","family":"Miraglia","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matteo","family":"Casenove","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020121411254630100_ref001","unstructured":"Andriesse, D. and Bos, H. (2013), \u201cAn analysis of the Zeus peer-to-peer protocol\u201d, Technical Report, Vrije Universiteit Amsterdam, Amsterdam."},{"first-page":"299","article-title":"A survey of botnet technology and defenses","year":"2009","key":"key2020121411254630100_ref002"},{"key":"key2020121411254630100_ref003","unstructured":"Bureau, P. (2011), \u201cSame botnet, same guyes, new code: Wn32\/Kelihos\u201d, Technical Report, VirusBulletin, Abingdon OX."},{"first-page":"131","article-title":"Friends of an enemy: identifying local members of peer-to-peer botnets using mutual contacts","year":"2010","key":"key2020121411254630100_ref004"},{"key":"key2020121411254630100_ref005","unstructured":"Duebendorfer, T. and Frei, S. (2009), \u201cWhy silent updates boost security\u201d, Technical Report, TIK, ETH Zurich, available at: www.techzoom.net\/silent-updates"},{"key":"key2020121411254630100_ref006","unstructured":"Falliere, N. (2011), \u201cSality: story of a peer-to-peer viral network\u201d, Technical Report, Symantec Corporation, Mountain View, CA."},{"issue":"1","key":"key2020121411254630100_ref007","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1145\/1496091.1496094","article-title":"Firefox (In) security update dynamics exposed","volume":"39","year":"2008","journal-title":"SIGCOMM Computer Communication Review"},{"key":"key2020121411254630100_ref008","unstructured":"Greenwald, G. (2013), \u201cNSA collecting phone records of millions of Verizon customers daily\u201d, The Guardian, available at: www.theguardian.com\/world\/2013\/jun\/06\/nsa-phone-records-verizon-court-order"},{"key":"key2020121411254630100_ref009","first-page":"101","article-title":"Automatic generation of string signatures for malware detection","volume-title":"RAID\u201909","year":"2009"},{"first-page":"1","article-title":"Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm","year":"2008","key":"key2020121411254630100_ref010"},{"key":"key2020121411254630100_ref012","unstructured":"Jaeger, M. (2012), \u201cGermany backs away from using a Trojan on its citizens \u2013 for now\u201d, available at: www.zdnet.com\/germany-backs-away-from-using-a-trojan-on-its-citizens-for-now-7000008914\/"},{"key":"key2020121411254630100_ref013","first-page":"1","article-title":"Optimal patching in clustered malware epidemics","volume-title":"INFOCOM","year":"2012"},{"issue":"5","key":"key2020121411254630100_ref014","doi-asserted-by":"crossref","first-page":"571","DOI":"10.1016\/j.simpat.2008.02.011","article-title":"Epidemic state analysis of computers under malware attacks","volume":"16","year":"2008","journal-title":"Simulation Modelling Practice and Theory"},{"key":"key2020121411254630100_ref015","first-page":"31","article-title":"On the analysis of the Zeus botnet crimeware toolkit","year":"2010","journal-title":"PST\u201910"},{"key":"key2020121411254630100_ref016","unstructured":"Poulsen, K. (2013), \u201cFBI admits it controlled tor servers behind mass Malware attack\u201d, available at: www.wired.com\/threatlevel\/2013\/09\/freedom-hosting-fbi\/ (accessed 13 September 2013)."},{"key":"key2020121411254630100_ref017","unstructured":"Rossow, C. (2013), \u201cUsing malware analysis to evaluate botnet resilience\u201d, PhD thesis, VU Amsterdam."},{"volume-title":"Practical Malware Analysis","year":"2012","key":"key2020121411254630100_ref018"},{"year":"2009","key":"key2020121411254630100_ref019","article-title":"Walowdac \u2013 analysis of a peer-to-peer Botnet"},{"first-page":"1","article-title":"STOP: socio-temporal opportunistic patching of short range mobile malware","year":"2012","key":"key2020121411254630100_ref020"},{"key":"key2020121411254630100_ref021","unstructured":"Tillmann, W. (2013), \u201cPeer-to-peer poisoning attack against the Kelihos.C Botnet\u201d, available at: www.crowdstrike.com\/blog\/peer-peer-poisoning-attack-against-kelihosc-botnet\/"},{"key":"key2020121411254630100_ref022","first-page":"53","article-title":"International workshop on peer-to-peer systems","volume-title":"IPTPS \u201901","year":"2002"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-01-2015-0004","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2015-0004\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2015-0004\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:34Z","timestamp":1753406554000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/24\/3\/288-296\/106494"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,7,11]]},"references-count":21,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2016,7,11]]}},"alternative-id":["10.1108\/ICS-01-2015-0004"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2015-0004","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2016,7,11]]}}}