Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse
Runze Zhang
Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · Mobile Security
Botnets have long been a persistent problem for security researchers and law enforcement agencies. Traditional botnet takedown methods, while effective at disrupting command-and-control (C2) infrastructure, often fail to address the root cause: the continued infection of victim devices. This talk by Runze Zhang from Georgia Tech introduces "Hitchhiking Vaccine," a novel, automated approach to **botnet remediation** that re-engineers the very mechanism attackers use for remote code deployment. The core innovation lies in turning the attacker's preferred tactic, dynamic payload delivery, against them, allowing incident responders to push remediation payloads directly to compromised devices.
AI review
Genuinely clever inversion of attacker methodology — weaponizing the malware's own payload delivery plumbing to push remediation instead of malice. The 74.5% success rate across 7,002 samples from 22 families is a credible evaluation, not a cherry-picked lab demo, and the automation angle is where this earns its keep: collapsing days of manual RE work into a pipeline that can outpace backup C2 spin-up.