Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Friendly' Worms Could Spread Software Fixes

Posted by Zonk on from the perfect-way-to-make-a-rogue-ai dept.

An anonymous reader writes "Microsoft researchers are working out the perfect strategies for worms to spread through networks. Their goal is to distribute software patches and other friendly information via virus, reducing load on servers. This raises the prospect of worm races — deploying a whitehat worm to spread a fix faster than a new attacking worm can reach vulnerable machines."

20 of 306 comments (clear)

  1. Prior Art by orclevegam · · Score: 4, Informative

    This is a very old idea. One of the earliest worm/viruses was actually of the "white-hat" variety. Nothing to see here, move along.

    --
    Curiosity was framed, Ignorance killed the cat.
    1. Re:Prior Art by deadzaphod · · Score: 5, Insightful

      Very, very old idea. The first worm of this type was called "Reaper" and was created to kill the "Creeper" worm. http://www.viruslist.com/en/viruses/encyclopedia?chapter=153310937

    2. Re:Prior Art by verbalcontract · · Score: 5, Funny

      This is a very old idea. One of the earliest worm/viruses was actually of the "white-hat" variety. Nothing to see here, move along.

      DUH. That's why my Norton Antivirus lights up when I click on those helpful "GET RID OF SPYWARE" ads?

    3. Re:Prior Art by nmb3000 · · Score: 5, Informative

      Very, very old idea.

      And still being used occasionally. The most recent one I recall is Welchia which used the same RPC exploit as Blaster but tried to help the user by installing patches to prevent further use of the exploit.

      It's an interesting idea, but still causes some of the big collateral problems that worms cause. Welchia brought university and corporate networks to their knees because of high traffic just as well as Blaster did - perhaps even moreso since it was also doing a lot of HTTP requests to Microsoft's servers. I think a better solution would be a more surefire way to make sure users get patched when such a critical vulnerability is found. That's the ironic part of the Blaster/Welchia RPC exploit, there was a patch available for months before the worm was released.

      --
      "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
      /)
    4. Re:Prior Art by Beardo+the+Bearded · · Score: 5, Funny

      If they learn how to program from us, we'll be fine.

      We can survive salt water, high EMP fields, and power outages. A computer can't handle carpet.

      My money's always going to be on the meatbags.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    5. Re:Prior Art by Spy+der+Mann · · Score: 4, Interesting

      It's an interesting idea, but still causes some of the big collateral problems that worms cause. Welchia brought university and corporate networks to their knees because of high traffic just as well as Blaster did

      You could program the worm to spread based on a random calculation, and assign it a threshold so the traffic isn't excessive. This would give the worm a very low probability to survive.

      However, a better approach IMO would be to get rid of all the Genuine Advantage and activation crack, and allow boxes using old and famous activation keys (such as the "devil's own") to get updated with Windows Update.

    6. Re:Prior Art by Deanalator · · Score: 4, Funny

      "Funny isn't it? The human was impervious to our most powerful magnetic fields, yet in the end, he succumbed to a harmless sharpened stick."

              - Chapek 9 robot general

  2. A viral implementation of Windows Update? by lawaetf1 · · Score: 5, Funny

    "A friendly worm updated your computer which required a reboot."

    --
    CommentBot 0.7a running with args "-module irritate,disagree -target random"
    1. Re:A viral implementation of Windows Update? by Anonymous Coward · · Score: 4, Insightful

      Clippy worm: "I see you have Ubuntu installed, would you like to purchase and install Windows Vista?"

  3. Annnndddd... by RandoX · · Score: 4, Insightful

    What makes this any more legal than a black hat worm?

    1. Re:Annnndddd... by sm62704 · · Score: 5, Insightful

      How many people went to prison for the Sony XCP rootkit?

      That's right, none. There's your clue.

      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  4. This is an old idea by sm62704 · · Score: 4, Insightful

    It keeps resurfacing every now and then. Get this through your thick skulls: It's my computer. Keep your God damned hands off of it. I don't care how good your intentions are, you have no right to infect MY computer with anything at all, good or bad.

    If you use a tool like this on your own network, fine, but if I find it on my own you had better cover your tracks because I'll go ballistic.

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  5. Re:Annnndddd... Well, these worm by davidsyes · · Score: 4, Funny

    their way into your heart, so they're heart-worming welcomes.

    --
    Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
  6. Caused Issues the last time someone tried it.. by ironwill96 · · Score: 4, Insightful

    Anyone remember when someone did this for Blaster and created the "Welchia" worm variant? An article on it is located here: White Hat Worm and Microsoft even complained that it "generated excess network traffic". Now they are proposing to do the same thing? How are they going to make the worm spread, through vulnerabilities like Welchia did? Hope they don't use an RPC vulnerability and cause your system to crash like it did!

    I guess this goes with all of the tags we've seen today on articles of "whatcouldpossiblygowrong?".

    --
    "To strive, to seek, to find, and not to yield." - Tennyson
  7. I can hear it already... by TheUni · · Score: 5, Funny

    Customer: Something's wrong, my computer's not acting right.
    Tier1 Customer Support: Ok sir, I'd be happy to help you with that. Firstly, do you have the latest Microsoft Virus(tm) installed?
    Customer: Yes.
    Tier1 Customer Support: OK, do you have an Antivirus installed?
    Customer: Yes.
    Tier1 Customer Support: Ah, that's the problem. You'll need to remove the Antivirus in order for the Virus to function correctly. It's not safe these days to be running without the latest Virii!

  8. This one is different. by Bananatree3 · · Score: 4, Insightful
    First off this wouldn't be some whitehat's haphazard cure worm like the Welchia worm. This worm would proabably be signed by microsoft, made by microsoft. from TFA:

    Because no central server needs to provide and coordinate all the downloads, Software patches that spread like worms could be faster and easier to distribute because no central server must bear all the load. This is more P2P patch distribution, which is not a bad idea.
    1. Re:This one is different. by mhall119 · · Score: 4, Funny

      If only it were possible to provide a list of other servers that somehow mirrored the data available on the central server....

      Or, even better, a way to send requests to the same domain name to physically different servers...

      I think I may be on to something here.

      --
      http://www.mhall119.com
    2. Re:This one is different. by KublaiKhan · · Score: 4, Insightful

      And what, exactly, is stopping someone from forging an MS cert on their own worm (or, simpler, giving the appearance of a legit one--y'know, like bank website phishing), exploiting the worm dispersal mechanism, and rootkitting everyone who's stupid enough to let this worm in?

      --
      In Xanadu did Kubla Khan
      A stately pleasure dome decree
  9. not exactly by Brigadier · · Score: 4, Insightful


    If I'm not mistaken according to Micro Soft's EULA you don't actually own the software they do. They are just giving you permission to use it. Though you do own the hardware the worm in question would only affect or change the Soft Ware. In addition you neither own your network connection or most likely the building you live in ( dorm, apartment, mortgaged home etc) so from a purly legal stand point you have no leg to stand on. Though I do completely understand and support the meaning behind yrou rant :)

  10. I can't wait... by hoggoth · · Score: 4, Funny

    Till the script kiddies use this delivery mechanism to bypass all security and deliver their own custom payloads.
    Yay Microsoft! They have such good instincts when it comes to security!

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)