Slashdot Mirror

← Back to Stories (view on slashdot.org)

Good Network Worms Made Simple

Posted by samzenpus on from the what-could-go-wrong dept.

grabbag writes "Dave Aitel is pitching new technology to create "nematodes," or beneficial network worms for use in large businesses. The idea is to set up a new language and structure to create "strictly controlled" good worms on the fly. A research-type demo was given as the Hack in the Box conference where Aitel talked about a world where "strictly controlled" nematodes are used by ISPs, government organizations and large companies to show significant cost savings."

8 of 137 comments (clear)

  1. distributed processing by WiPEOUT · · Score: 4, Insightful

    Distributed processing capabilities and distributed network monitoring capabilities would be great, but who gets jurisdiction over what governments/companies are allowed to execute code on my PC?

  2. Problem by mysqlrocks · · Score: 5, Insightful

    Isn't the problem with most worms the network traffic it causes by spreading, not the payload? I'm not sure how they plan on keeping something that's designed to spread from spreading too quickly.

    --
    Bradley Holt
    1. Re:Problem by KiloByte · · Score: 3, Insightful

      Simple. Just don't include any spreading code in the payload; send the worm from your own machines.
      As these "nematodes" are supposed to be used only by large companies and ISPs, their owner already possesses the network, and thus can apply the exploits to valid targets only.

      This is not such bad a concept -- with VERY few exceptions, nearly all networks are full to the brim with idiots. Setting policies can help, but often you have no real way to enforce them. Try telling your clients that that Weather Bug or M$ Outlook is not something they should be using... But if you use controlled exploits right, you can fix the problems without having to deal with just the symptoms.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  3. "strictly controlled" == hubris by G4from128k · · Score: 3, Insightful
    This sounds like a great way to create malware with privileges.

    It's a very worthy goal, but they need to be extremely careful in the coding. One accidental (or malicious) tweak and these worms could overwhelm network resources, DoS the system, or damage valid systems (autoimmune disease).

    --
    Two wrongs don't make a right, but three lefts do.
  4. Beneficial worm?? by pesc · · Score: 4, Insightful

    So government worms can be beneficial? What government? The US? the Chinese?

    "Beneficial" according to what point of view? Does the owner of the system get any say in this? If he does, why do we need a worm instead of a normal program that can be voluntarily installed?

    If not, then this is just a normal malware worm with added propaganda and spin.

    --

    )9TSS
  5. Re:Yes, but... by SimilarityEngine · · Score: 3, Insightful

    If so, that'd be cool - you might foresee security breaches before they even happened.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  6. Fighting the Symptoms, Not the Problem by RAMMS+EIN · · Score: 4, Insightful

    This sounds to me like they're fighting the symptoms, not the problem. Worms can only spread successfully because of the sorry state of software security. If we fix that, we will not only get rid of worms, but also of other problems, such as targeted attacks for information theft. Using better languages to write software in can eliminate the bulk of security problems we're currently seeing. Security through diversity and not relying on known insecure software also help.

    --
    Please correct me if I got my facts wrong.
  7. Worms infect a machine, then jump to the next. by khasim · · Score: 3, Insightful
    Why would you want to use a worm for that? A worm will install itself on each machine.

    Why not just run the centralized scanning tools that you mentioned?
    It would be cool if you could have these worms each perform certain functions (one to better manage spanning-tree for instance, so when a link fails spanning tree rebuilds faster for example) with some sort of AI, or really even a really good base line vs current activity comparison machine, to intelligently manage WANs and LANs.
    Why would I want to infect my switches and routers with this? I already have SNMP. Spanning tree kicks in almost instantaniously.
    Be nice to have worms that watch for machines all the sudden opening ports that they never have before, all the sudden opening up multicast or what not, or even finding that bad machine sending out bad frames on the network.
    The only way a worm would do that would be if it had infected the problem machine (in which case, why not just run a firewall on it) or if it had infected your switchs/routers.

    Why not just write the app to run on those in the first place? Why make it a worm?
    Granted you can do all these things now with a mix of expensive monitoring tools and a lot of config work with tools like ethereal and mrtg and big brother/big sister, etc. But this might be an easier way to do the same thing.
    What "expensive" tools?

    All you'd need is SNMP and the knowledge to setup your firewall correctly and a machine to receive the syslog messages from your firewall and parse them.

    It's far more efficient to have the choke points do the monitoring than to have worms running around on your network.

    Worms are only useful for spreading crap to machines you don't control. Once you have control there are so many more efficient ways to push code to them or monitor them.