Kraken Infiltration Revives "Friendly Worm" Debate

← Back to Stories (view on slashdot.org)

Kraken Infiltration Revives "Friendly Worm" Debate

Posted by kdawson on Tuesday April 29, 2008 @12:08AM from the damned-if-you-do dept.

Anonymous Stallion writes "Two security researchers from TippingPoint (sponsor of the recent CanSecWest hacking contest) were able to infiltrate the Kraken botnet, which surpasses its predecessors in size. The researchers have published a pair of blog entries: Owning Kraken Zombies and Kraken Botnet Infiltration. They dissect the botnet and go so far as to suggest that they could cleanse it by sending an update to infected hosts. However, they stopped short of doing so. This raises the old moral dilemma about a hypothetical 'friendly worm' that issues software fixes (except that the researchers' vector is a server that can be turned off, not an autonomous worm that can't be recalled once released). What do you think — is it better to allow the botnet to continue unabated, or perhaps to risk crashing a computer controlling a heart monitor somewhere?"

5 of 240 comments (clear)

Min score:

Reason:

Sort:

Had me up until the sensationalism by dreamchaser · 2008-04-29 00:13 · Score: 4, Insightful

" is it better to allow the botnet to continue unabated, or perhaps to risk crashing a computer controlling a heart monitor somewhere?"

I challenge the submitter to find one instance where a computer controlling a heart monitor has a worm infection. They are not even networked and they do not run Windows.
1. Re:Had me up until the sensationalism by somersault · 2008-04-29 00:14 · Score: 4, Funny
  
  Cleary you have never been to Singapore.
  
  Oh wait, wrong movie
  
  --
  which is totally what she said
2. Re:Had me up until the sensationalism by morgan_greywolf · 2008-04-29 00:23 · Score: 4, Funny
  
  I challenge the submitter to find one instance where a computer controlling a heart monitor has a worm infection.
  Would that be a 'heartworm'?
  
  --
  My blog
important difference by Tom · 2008-04-29 00:19 · Score: 4, Insightful

(except that the researchers' vector is a server that can be turned off, not an autonomous worm that can't be recalled once released) That's not a small difference! Pushing an update to a known list of hosts is a vastly different thing from starting a self-replicating autonomous agent.

There is still the "messing with other people's computer" issue, of course.

--
Assorted stuff I do sometimes: Lemuria.org
Sabotage the botnet by CvD · 2008-04-29 00:57 · Score: 4, Insightful

I say yes, sabotage the botnet with friendly worms/bots. The owners of the infected computers don't know about the problem, don't care or don't know how to fix it.

I say vigilante action is okay, to protect ourselves (the people in the know adminning the networks and computers being attacked).

--
The Official Steve Ballmer Webpage