Billy Goat: IBM agent traps worms and viruses

Billy Goat: IBM agent traps worms and viruses

Billy Goat is the code name of the new agent used by IBM to trap hackers. Its mission: simulate virtual networks, attract viruses, to allow administrators to detect and analyze them.

There were already honeypots, these "honey pots" supposed to lure hackers. The Honeynet Project defined them as "resources that increase security by being tested, attacked or compromised." The purpose of these honeypots: to be the designated target of hackers, to reduce the vulnerability of networks to their attacks (production honeypots) and to obtain information about their community (search honeypots).

Image by Gerd Altmann from Pixabay

However, to be useful, these "hacker traps" had to be plausible and rely on an already effective and well-defined security policy. In addition, these honeycombs were intended more to prevent "human" and "unique" attacks than to trap automated worms and viruses.

Now, Billy Goat, in turn, is campaigning against hackers, also playing the role of prey. It is responsible for creating a virtual environment, which simulates the presence of several hundred servers online, assigning many IP addresses to one and the same position.

When Billy Goat hears a request, he knows that since these IP addresses are unused, he is likely to be dealing with a virus or a worm scanning servers for possible intrusion. It then responds to these requests by behaving like an active network of machines, and traps the intruders (while isolating them from the "real" servers of the company). Administrators then have only to identify them, and to study their mode of operation.

Viruses and worms just have to stick. Once isolated by Billy Goat, they will be studied and dissected without mercy!