Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

A computer worm that has wriggled its way inside millions of unpatched computers over the past few months has experts discussing some drastic countermeasures.

Conficker (aka Downup, Downadup and Kido) has infected millions of computers, installing code that gets them ready for further commands. Naturally, network administrators and security experts are pretty concerned about what the next step might be–perhaps unleashing a tsunami of spam, or maybe bombarding a banking site with an unmanageable amount of traffic in an extortion scheme.

One expert who spoke to The New York Times says that some folks are already working on a controversial countermeasure–unleashing a “good” (or “white”) computer worm that would exploit the same vulnerabilities as Conficker in order to disinfect all the machines that are compromised.

“Yes, we are working on it, as are many others,” said one botnet researcher who spoke on the grounds that he not be identified because of his plan. “Yes, it’s illegal, but so was Rosa Parks sitting in the front of the bus.”

Analysis of the worm shows how this might work. Since the worm is programmed to contact a specific set of web addresses and wait to receive further code, hijacking these addresses could squish the worm before it does much damage. Phillip Porras a researcher at SRI international, who has been studying the spread of Conficker, says that some of the domains linked with the worm have already been registered by “white hat” hackers. These well-intentioned experts might be hoping to simply prevent the worm from receiving further commands, or they might be looking for a way to inject their own viral code into the Conficker network.

Creating a “good” worm sounds like a smart idea, until you really think about it. Nicholas Weaver, a network security researcher at Berkeley’s International Computer Science Institute, explains the potential pitfalls of such an approach in this 2006 Usenix article (pdf). Aside from the legal issues involved with infecting millions of machines, Weaver says it would be incredibly difficult to program a worm to target only those machines that have been infected and avoid causing damage to other systems. History would seem to back him up–in 2004 a white worm called Welchia was released in an effort to clean up thousands of systems infected with a worm called Blaster. Unfortunately, Welchia failed to rid these computers of Blaster and only succeeded in clogging up corporate networks even more.

0 comments about this story. Start the discussion »

Tagged: Computing, security, computers, malicious code, worms

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me