The Anti-Worm Worm

I was talking to Silverstr last night about the latest Microsoft worm and the new “anti-worm” worm that is making the rounds and attempting to patch systems, but causing problems in itself.

Silv asked me what I thought about the anti-worm worm, and I had to reply that I didn’t know. In a way it was good: something to automatically do what the system admins of the affected systems didn’t do, silently and in the background, was a neat idea. When Code Red hit a while back there was a Perl module that would interpret certain requests and respond by trying to

  • use the same hole that Code Red used to delete the Code Red executable
  • send a Windows popup message to the system saying that the system was infected and it had tried to clean it, and where to download the patch.

On the other hand, however, I don’t trust other people on my computer, much less Microsoft auto-updating my system for me (the idea actually scares the shit out of me, and if it did happen it’d be the first thing I turned off). In a time where updates can easily remove important functionality or features (I read a story yesterday (not sure where) about an IE for Mac update that removed some plugin functionality, and various TiVo updates have removed features like commercial/30-second skip) I’m pretty sure I want to be at least given the choice.

The other thing, of course, is that now you have twice the number of worms infecting your systems, running through your network, and clogging up your systems. What if the anti-worm worm made a mistake? Or cleaned up the original worm but left a backdoor in there for itself, logging the IP as an unpatched system? None of these things are beyond the realm of possibility.

Cheers to all y’all out there fighting this thing now. Good luck!

2 Comments on “The Anti-Worm Worm”

  1. Great. More fun to look forward to…
    WORM WARS! The Battle for PC Supremacy!
    Johnny notices that his computer is running slow. Even more slowly than normal. So he checks the task manager only to find 17 different worms each trying to out-do the other. Either through traditional methods, like the usual infestations, or the others trying to get rid of the first types and “auto-repairing” the system.
    The end result is the same. A FUBARed PC.
    Hmmm… I wonder if this is a prelude to future Microsoft policies. Only being able to fdisk, and reinstall so many times without renewing your licence (for a fee).

  2. My job, hell, I take that back, my life revolves so much around the internet. I work as a Web Applications Developer for a major transportation company in the United States.
    Anywho, after the last set of worms wreaked havoc on our network I got to thinking about the whole anti-worm worm. But I think you are looking on too large of a scale.
    Take into consideration a SysAdmin creating a worm that only patrolled around his system's network. Armed with the latest virus definitions and the ability to decide effective countermeasures.
    Suddenly your servers are running quicker because this worm is killing things before they have a chance to infect anything inside. Acting as a proverbial Body Guard.
    If it was successfully integrated it would mean billions of dollars each year saved from downtime, and a SysAdmin that doesn't have to rotate 24-hour on-calls.
    Now what if the developer was a college student who didn't want money for it? Just his morals and a hearty thank you.