Skip to Content

Why a "Good" Worm May be a Bad Idea

Experts discuss a controversial mechanism to fix millions of infected computers.
January 23, 2009

A computer worm that has wriggled its way inside millions of unpatched computers over the past few months has experts discussing some drastic countermeasures.

Conficker (aka Downup, Downadup and Kido) has infected millions of computers, installing code that gets them ready for further commands. Naturally, network administrators and security experts are pretty concerned about what the next step might be–perhaps unleashing a tsunami of spam, or maybe bombarding a banking site with an unmanageable amount of traffic in an extortion scheme.

One expert who spoke to The New York Times says that some folks are already working on a controversial countermeasure–unleashing a “good” (or “white”) computer worm that would exploit the same vulnerabilities as Conficker in order to disinfect all the machines that are compromised.

“Yes, we are working on it, as are many others,” said one botnet researcher who spoke on the grounds that he not be identified because of his plan. “Yes, it’s illegal, but so was Rosa Parks sitting in the front of the bus.”

Analysis of the worm shows how this might work. Since the worm is programmed to contact a specific set of web addresses and wait to receive further code, hijacking these addresses could squish the worm before it does much damage. Phillip Porras a researcher at SRI international, who has been studying the spread of Conficker, says that some of the domains linked with the worm have already been registered by “white hat” hackers. These well-intentioned experts might be hoping to simply prevent the worm from receiving further commands, or they might be looking for a way to inject their own viral code into the Conficker network.

Creating a “good” worm sounds like a smart idea, until you really think about it. Nicholas Weaver, a network security researcher at Berkeley’s International Computer Science Institute, explains the potential pitfalls of such an approach in this 2006 Usenix article (pdf). Aside from the legal issues involved with infecting millions of machines, Weaver says it would be incredibly difficult to program a worm to target only those machines that have been infected and avoid causing damage to other systems. History would seem to back him up–in 2004 a white worm called Welchia was released in an effort to clean up thousands of systems infected with a worm called Blaster. Unfortunately, Welchia failed to rid these computers of Blaster and only succeeded in clogging up corporate networks even more.

Keep Reading

Most Popular

Workers disinfect the street outside Shijiazhuang Railway Station
Workers disinfect the street outside Shijiazhuang Railway Station

Why China is still obsessed with disinfecting everything

Most public health bodies dealing with covid have long since moved on from the idea of surface transmission. China’s didn’t—and that helps it control the narrative about the disease’s origins and danger.

individual aging affects covid outcomes concept
individual aging affects covid outcomes concept

Anti-aging drugs are being tested as a way to treat covid

Drugs that rejuvenate our immune systems and make us biologically younger could help protect us from the disease’s worst effects.

Europe's AI Act concept
Europe's AI Act concept

A quick guide to the most important AI law you’ve never heard of

The European Union is planning new legislation aimed at curbing the worst harms associated with artificial intelligence.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.