A computer worm that has wriggled its way inside millions of unpatched computers over the past few months has experts discussing some drastic countermeasures.
Conficker (aka Downup, Downadup and Kido) has infected millions of computers, installing code that gets them ready for further commands. Naturally, network administrators and security experts are pretty concerned about what the next step might be–perhaps unleashing a tsunami of spam, or maybe bombarding a banking site with an unmanageable amount of traffic in an extortion scheme.
One expert who spoke to The New York Times says that some folks are already working on a controversial countermeasure–unleashing a “good” (or “white”) computer worm that would exploit the same vulnerabilities as Conficker in order to disinfect all the machines that are compromised.
“Yes, we are working on it, as are many others,” said one botnet researcher who spoke on the grounds that he not be identified because of his plan. “Yes, it’s illegal, but so was Rosa Parks sitting in the front of the bus.”
Analysis of the worm shows how this might work. Since the worm is programmed to contact a specific set of web addresses and wait to receive further code, hijacking these addresses could squish the worm before it does much damage. Phillip Porras a researcher at SRI international, who has been studying the spread of Conficker, says that some of the domains linked with the worm have already been registered by “white hat” hackers. These well-intentioned experts might be hoping to simply prevent the worm from receiving further commands, or they might be looking for a way to inject their own viral code into the Conficker network.
Creating a “good” worm sounds like a smart idea, until you really think about it. Nicholas Weaver, a network security researcher at Berkeley’s International Computer Science Institute, explains the potential pitfalls of such an approach in this 2006 Usenix article (pdf). Aside from the legal issues involved with infecting millions of machines, Weaver says it would be incredibly difficult to program a worm to target only those machines that have been infected and avoid causing damage to other systems. History would seem to back him up–in 2004 a white worm called Welchia was released in an effort to clean up thousands of systems infected with a worm called Blaster. Unfortunately, Welchia failed to rid these computers of Blaster and only succeeded in clogging up corporate networks even more.
How Facebook and Google fund global misinformation
The tech giants are paying millions of dollars to the operators of clickbait pages, bankrolling the deterioration of information ecosystems around the world.
This new startup has built a record-breaking 256-qubit quantum computer
QuEra Computing, launched by physicists at Harvard and MIT, is trying a different quantum approach to tackle impossibly hard computational tasks.
This scientist now believes covid started in Wuhan’s wet market. Here’s why.
How a veteran virologist found fresh evidence to back up the theory that covid jumped from animals to humans in a notorious Chinese market—rather than emerged from a lab leak.
DeepMind says it will release the structure of every protein known to science
The company has already used its protein-folding AI, AlphaFold, to generate structures for the human proteome, as well as yeast, fruit flies, mice, and more.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.