Can good worms solve the Conficker problem?


After reading the latest news about Conficker, I was wondering: Would it be legal to create and deploy a super worm that had an anti-malware payload designed to shut down and prevent infections by other worms?

On the one hand, you'd be making unauthorized use of other people's computer systems, using their bandwidth, crossing state and national boundaries, and risking interfering with other operations. But on the other hand, you'd be doing them a favor to inoculate them; using the black hat's technique for good.

What do you think?


Ed Burnette

About Ed Burnette

Ed Burnette is a software industry veteran with more than 25 years of experience as a programmer, author, and speaker. He has written numerous technical articles and books, most recently "Hello, Android: Introducing Google's Mobile Development Platform" from the Pragmatic Programmers.

  • Can good worms solve the Conficker problem?

    I like the idea in theory but then you are doubling worm traffic due to the good guys fighting the bad guys. One way around that is to have a worm kill switch to kill it once all the bad worms are gone. The good worm is still violating laws by unauthorized access to computers, it's a noble effort though.
    Loverock Davidson
    • Why don't they just send out instructions

      To the PCs telling the malicious worms to totally UNINSTALL themselves? That would be something that I think would be a good idea: don't put beneficial worms on a person's system, just send out instructions to the worms saying "Hey..... UNINSTALL YOURSELVES! Wipe yourselves clean!"
      • Re: uninstall yourself

        That's a good idea but a little tricky because Conficker (for example) uses cryptographic signing to make sure it is executing a payload signed and approved by the author. You'd have to get the author's private key and use it to sign your code, or break the crypto.

        Hmm... maybe when they catch the guy he could cut a plea deal whereby he sends out an uninstall program in exchange for a lesser sentence.
        Ed Burnette
  • RE: Can good worms solve the Conficker problem?

    In general this seems like a good idea. I'd be worried someone would read the GOOD worm and create a variant. Logic dictates the GOOD worm would close the hole it used to get in, but that doesn't mean a good coder couldn't retool it in a creative manner to exploit a hole the GOOD worm missed.
  • RE: Can good worms solve the Conficker problem?

    Fight Fire with Fire... the ending is near!
  • RE: Can good worms solve the Conficker problem?

    Alright, 1.) The ending has been near since it all began.

    2.) You would have to have this group of Robin Hood-like vigils that created worms to battle worms right? For each worm or type their off. The Anti-Virus people would be a lot quicker than this group. So what would be gained?

    I voted this would not work. Now what might be cool is if you could create a program, that used distributed computing power, allowing 'agents' to freely join the distributed network for this program. These agents would be computers. Like a screen saver. It would only use a given, freely signed-up user's PC's power during times the PC was set to be inactive.

    Have this distributed based computer program, then search out worms, holes, etc. And be smart enough, and have the ability to actually take and create, compile and let loose its own 'extermination programs' that would be used to track down, and null specific worms.

    This program would have to learn, and have the ability to be fed information, and allow for prediction, etc. Then once up and running, could also be directed and updated from a control group of trusted, regulated, and checked white & gray hat developers / hackers that sign up to do this work.

    What do you think of that? eh?
    • Smart worms

      Cool idea but it sounds kind of AI/Skynet-ish. Write up a grant request and you could probably get a pile of government money to research it. I kind of doubt it would ultimately be possible though.
      Ed Burnette
  • It's an interesting idea

    that Batman, Spiderman, and Hellboy could all be proud of, though I wouldn't want you traipsing your worm about on my computer.

    Kid Icarus-21097050858087920245213802267493
    • Re: Not on my computer

      So, what if there was a setting you could make on your computer (like a robots.txt file) where you could say "No good worms allowed - just the bad ones".

      I say just the bad ones because malicious software would ignore any such setting.
      Ed Burnette
  • Love the intent, but hate the method

    I'm all for proactively tackling this scourge, but it won't be a long-term solution. These PCs get infected because of the user: 1) the user doesn't patch their Windows OS, 2) the user doesn't use good browsing habits, 3) the user doesn't maintain security software on their PC. Unless the worm can instill a clue in the end-user, it won't work.

    Now, if your super worm can go in and permanently disable the IP stack, then we're talking. ;)

    And BTW, after the crapstorm that was raised by the BBC's recent actions, be aware you're likely to be crucified for this idea if the ivory tower Internet security hand-wringers catch wind of this. From my discussions with many on this subject, they were less up in arms about handing money to criminals for the purposes of making a news clip and more worked up over the fact that some ineffectual law was getting trampled when the BBC changed the botnet participants' background screen to warn them they were infected. Go figure.
  • No way...

    I'm sorry, but this is a bad idea on any number of levels. Tell me who these magical individuals are who will have access to millions of PCs because of a "good" worm. Maybe use just a sliver of processing power across all of them and still have a pretty impressive botnet up and running. What company will resist using that to make money? It may not be malicious, but it won't have the user's best interest at heart for long at all.

    Let's focus on multi-tier protection strategies. Make sure you're protected and up to date. Out of 20 clients I deal with on a regular basis, not one had a Conficker infection. Their PCs have been patched, they have hardware firewalls w/ IPS and AV, they have AV installed on their local PCs, they have the basic Windows firewall locked down when they're not on the local network (for those who travel). AutoRun is disabled via group policy. To anyone who does what they can to protect themselves from threats in general, Conficker was nothing more than reading material while taking a long bathroom break.
  • RE: Can good worms solve the Conficker problem?

    I say "wouldn't work." It's a missile and anti-missile dynamic
    which will lead to an anti-anti-missile which will lead to an
    anti-anti-anti ad infinitum.

    I also suspect the good-worm-writers will quickly worry about
    how to monetize their services, which means charging (I'm not
    opposed to that per se) and whenever something costs money,
    someone won't do it and we're back to square one.

    I also suspect that licensing and operating system politics will
    get mixed in; imagine how the good-wormers will feel about
    cleaning Windows infestations if Microsoft really starts throwing
    attorneys at Linux. Or, let's say Macs or Linux systems do draw
    black-hat attention. Does Microsoft have any good reason,
    other than altruism, to participate in the community effort?
  • Can good worms solve world hunger?

    For some reason I have a tendency to think Terminator "skynet" when thinking about autonomous computer systems. In theory the idea of such systems seems like a good idea, but in the end it generally ends up one of two ways. Either it never gets off the ground due to lack of proper support, and funding, or it ends up going the way of communism where the idea was good, but the person controlling it decides to exploit it to execute their own desires. The end result by tradition, is failure no matter how you look at it.

    You have to keep in mind not just its planned use, but moreover all other ways it could be used. Some people have mentioned that issues could arise from people copying the code to create bad worms from it, but if the original accomplishes its job, then this should be of no concern as it will destroy the new creation. The genuine issue is how honest is the entity that creates the so called good worm. With all the spyware, and crapware currently coming from "legitimate" companies today, who can really trust that this good worm has our best interest in mind.

    In contrast, if such a system could be created, with the greater good in mind, in theory could possibly lead to great advances in computer technology. Giving our computers the ability to learn and adjust themselves based on other systems on the grid could accelerate AI development at unprecedented rates. Such technology, if used correctly could possibly do much more than just rid our computers of pesky malware. It could allow advanced processing at much higher levels than possible now.
    Nonetheless, all this centers on one vital prerequisite; trustworthy, and good willed creators. This proves to be hard to come by, as even some of the most respectable people can be tainted by the idea of supreme control.

    In conclusion, while great in concept, such self maintaining technology would pose far greater threat to security than the threat it would be created to eliminate.
    • Who watches the watchers

      You worry about what happens if "the person controlling it decides to exploit it to execute their own desires".

      That's the current situation isn't it? Somebody, we don't know who, is able to run whatever they want to do God only knows what on several million computers. Wouldn't it be better if you at least knew who that person/group was and they were at least pretending to "not be evil"?
      Ed Burnette
      • Kinda like...

        the warm fuzzy feeling you get when the politicians tell you it's all going to be fine just before they steal it all and leave you hanging?

        50/50 really.

        I don't worry what will happen, so much as I know what will happen. History repeats itself, and few people have proven they are immune to the same greed that is driving our economy in the ground. People will steal as long as there is something left to steal, and giving them access to every computer in the world would make it that much easier.

        As I said, I see great potential in this type of technology, and would love nothing more than for it to exist in a perfect world. But it doesn't. The world is far from perfect, the people in it much less so, and no matter how well intentioned the creator may be, the real question is how to keep it from falling into the wrong hands.

        The problem must be solved before the system is online, because once it is, and it does turn evil, there is no turning back. There must be checks and balances to assure that no one person or company has complete control, and for that matter, none of the ones that do use it for advertising and/or other forms of data mining. Or even worse, turning our machines into drones for whatever purpose.

        At the very least, it should be an opt-in program.

        But all this is just my opinion... I could be wrong...

  • They'll just hack or emulate good worm and use it to spread bad worms. nt

    • If the good worm is based off the bad worm

      They already have access to the code...

      A comment to those who say "Don't touch my
      machine!" If you're practicing secure
      computing, you won't be affected by the bad OR
      the good worms...

  • stupid idea

    This is as smart as intentionally driving your car into a poll in the hopes of fixing damage from a previous crash.
    • but that actually worked for me once

      It wasn't a poll, nor a pole, but I was hit from the right side (after running a stop sign on a four lane street - in Syracuse, stop signs can easily be hidden behind mounds of snow).

      This shoved in the right rear quarter panel and bent the right end of the rear bumper so it stuck out at 90 degrees.

      A month later, I was rear-ended. The bumper was back in place, but I still collected $188 from the other guy's insurance for minor damage to a '63 Buick Wildcat convertible I had bought in 1969 for $250.

      Without repairing the wrinkled quarter panel, other than painting the whole car a matte gun-metal gray, with about 6 spray cans, I sold it for $200, netting $138, after driving it for a couple years and never using any insurance money for repairs.

    We all saw what happened in Terminator 3: Rise of the Machines???

    When Cyberdyne Systems launched Skynet to destroy the virus/machines from taking over all electronic communications military and civilian???

    See Terminator: Salvation on May 21, 2009 for what could happen in the "Real World"