Slashdot Mirror


Kraken Infiltration Revives "Friendly Worm" Debate

Anonymous Stallion writes "Two security researchers from TippingPoint (sponsor of the recent CanSecWest hacking contest) were able to infiltrate the Kraken botnet, which surpasses its predecessors in size. The researchers have published a pair of blog entries: Owning Kraken Zombies and Kraken Botnet Infiltration. They dissect the botnet and go so far as to suggest that they could cleanse it by sending an update to infected hosts. However, they stopped short of doing so. This raises the old moral dilemma about a hypothetical 'friendly worm' that issues software fixes (except that the researchers' vector is a server that can be turned off, not an autonomous worm that can't be recalled once released). What do you think — is it better to allow the botnet to continue unabated, or perhaps to risk crashing a computer controlling a heart monitor somewhere?"

11 of 240 comments

  1. Had me up until the sensationalism by dreamchaser · · Score: 4, Insightful

    "is it better to allow the botnet to continue unabated, or perhaps to risk crashing a computer controlling a heart monitor somewhere?"

    I challenge the submitter to find one instance where a computer controlling a heart monitor has a worm infection. They are not even networked and they do not run Windows.

    1. Re:Had me up until the sensationalism by somersault · · Score: 4, Funny

      Clearly you have never been to Singapore.

      Oh wait, wrong movie

      --
      which is totally what she said
    2. Re:Had me up until the sensationalism by morgan_greywolf · · Score: 4, Funny

      I challenge the submitter to find one instance where a computer controlling a heart monitor has a worm infection.
      Would that be a 'heartworm'?
    3. Re:Had me up until the sensationalism by pipatron · · Score: 3, Insightful

      And what happens to the patient if one of these goes down because of a virus?

      Nothing. Absolutely nothing.

      --
      c++; /* this makes c bigger but returns the old value */
  2. Well, if you ARE going to do something like that. by AltGrendel · · Score: 3, Insightful
    For goodness sakes.

    Don't tell anyone!!!

    All the lawyers in the world will converge on you if you do.

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

  3. important difference by Tom · · Score: 4, Insightful

    "(except that the researchers' vector is a server that can be turned off, not an autonomous worm that can't be recalled once released)"

    That's not a small difference! Pushing an update to a known list of hosts is a vastly different thing from starting a self-replicating autonomous agent.

    There is still the "messing with other people's computer" issue, of course.
    --
    Assorted stuff I do sometimes: Lemuria.org
  4. The law needs to catch up by Ice+Tiger · · Score: 3, Insightful

    As with many changes in technology, the law is far behind. In this case they would fall foul of the same laws that would convict the original criminals. The law needs to be adapted to allow legally sanctioned actions like the one proposed to happen to fix the problem.

    Botnets also span more than one country so maybe this needs to be international law.

    --
    "Because we are not employing at entry level, offshoring will kill our industry stone dead."
  5. Barn door closed, horse left six months ago by glindsey · · Score: 3, Insightful

    "is it better to allow the botnet to continue unabated, or perhaps to risk crashing a computer controlling a heart monitor somewhere?"

    I would suggest that if a mission-critical system like that is already infected with a bot, the damage is done -- might as well attempt to clean it at that point.
  6. No Moral crisis here. by Forge · · Score: 3, Insightful

    A botnet cleansing worm would IMHO be a good thing and not in the least morally ambiguous.

    Imagine a similar situation among humans. A virus breaks out which ravages whole populations. You find a cure which can be distributed by spiking the water supply or by pumping it into the air.

    I can tell you, the CDC (No. Not the "Cult of the Dead Cow". The other CDC) would only hesitate long enough to verify the safety of the cure before dispatching it.

    Or let's come to a more reasonable and commonplace situation. A man infected with rabies is not allowed to choose whether he will be treated. His infection impairs his judgment and makes him a danger to other people, therefore he is a hazard to be cured against his will.

    Doesn't the same apply to a botnet member oblivious to its own condition spewing its infection, spam and lord knows what else onto other computers?

    Kevin.

    --
    --= Isn't it surprising how badly I spell ?
  7. Sabotage the botnet by CvD · · Score: 4, Insightful

    I say yes, sabotage the botnet with friendly worms/bots. The owners of the infected computers don't know about the problem, don't care or don't know how to fix it.

    I say vigilante action is okay, to protect ourselves (the people in the know adminning the networks and computers being attacked).

  8. KILL THEM ALL by brassman · · Score: 3, Funny

    "Kill them all. God will know His own."

    --
    "Ain't no right way to do a wrong thing."