Fight Virus With Virus?
Insanik writes "I am not an expert with internet worms like Code Red. However, I am curious if it would be possible to create a friendly worm/virus/whatever that would fight the original by using the same security holes. For instance, I read that Code Red II opens a back door. Why not have another virus that exploited the back door, closed it, then started sending itself to other servers for a certain period of time?" The submitter raises an interesting question - is this possible? I would guess so, in theory. And while we're working on Code Red, can we send a large man to the home of my latest Sircam senders and politely "ask" them to stop clicking on virii?
Seriously, do you have any data showing that Code Red does "bog down" traffic globally?
There's never been a worm that exploited an Apache hole the way this IIS hole is being exploited. That's not flamebait; that's a fact.
It's been years since any remote vulnerability has been discovered in Apache. That's not flamebait; that's a fact.
Are you willing to make a new "nice guy" worm every time a new evil IIS worm comes out? If not, then you would only lull IIS admins into a false sense of security by fixing their problem for them this time. Let them deal with it; it's a valuable educational experience.
And after closing the hole, the counter-virus should stay resident and launch a counter-attack against anyone who tries to exploit the hole with anything other than the counter-virus.