Skip to Content

Why a "Good" Worm May be a Bad Idea

Experts discuss a controversial mechanism to fix millions of infected computers.
January 23, 2009

A computer worm that has wriggled its way inside millions of unpatched computers over the past few months has experts discussing some drastic countermeasures.

Conficker (aka Downup, Downadup and Kido) has infected millions of computers, installing code that gets them ready for further commands. Naturally, network administrators and security experts are pretty concerned about what the next step might be–perhaps unleashing a tsunami of spam, or maybe bombarding a banking site with an unmanageable amount of traffic in an extortion scheme.

One expert who spoke to The New York Times says that some folks are already working on a controversial countermeasure–unleashing a “good” (or “white”) computer worm that would exploit the same vulnerabilities as Conficker in order to disinfect all the machines that are compromised.

“Yes, we are working on it, as are many others,” said one botnet researcher who spoke on the grounds that he not be identified because of his plan. “Yes, it’s illegal, but so was Rosa Parks sitting in the front of the bus.”

Analysis of the worm shows how this might work. Since the worm is programmed to contact a specific set of web addresses and wait to receive further code, hijacking these addresses could squish the worm before it does much damage. Phillip Porras a researcher at SRI international, who has been studying the spread of Conficker, says that some of the domains linked with the worm have already been registered by “white hat” hackers. These well-intentioned experts might be hoping to simply prevent the worm from receiving further commands, or they might be looking for a way to inject their own viral code into the Conficker network.

Creating a “good” worm sounds like a smart idea, until you really think about it. Nicholas Weaver, a network security researcher at Berkeley’s International Computer Science Institute, explains the potential pitfalls of such an approach in this 2006 Usenix article (pdf). Aside from the legal issues involved with infecting millions of machines, Weaver says it would be incredibly difficult to program a worm to target only those machines that have been infected and avoid causing damage to other systems. History would seem to back him up–in 2004 a white worm called Welchia was released in an effort to clean up thousands of systems infected with a worm called Blaster. Unfortunately, Welchia failed to rid these computers of Blaster and only succeeded in clogging up corporate networks even more.

Keep Reading

Most Popular

light and shadow on floor
light and shadow on floor

How Facebook and Google fund global misinformation

The tech giants are paying millions of dollars to the operators of clickbait pages, bankrolling the deterioration of information ecosystems around the world.

This new startup has built a record-breaking 256-qubit quantum computer

QuEra Computing, launched by physicists at Harvard and MIT, is trying a different quantum approach to tackle impossibly hard computational tasks.

wet market selling fish
wet market selling fish

This scientist now believes covid started in Wuhan’s wet market. Here’s why.

How a veteran virologist found fresh evidence to back up the theory that covid jumped from animals to humans in a notorious Chinese market—rather than emerged from a lab leak.

protein structures
protein structures

DeepMind says it will release the structure of every protein known to science

The company has already used its protein-folding AI, AlphaFold, to generate structures for the human proteome, as well as yeast, fruit flies, mice, and more.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.