Anti-worm

Anti-worm has multiple meanings within the field of computer security. It can be a piece of software designed to protect against computer worms, combining the features of anti-virus software and a personal firewall. It can also mean a worm designed to do something that its author feels is helpful.

Concept

The concept of "anti-worms" is a proactive method of dealing with virus and computer worm outbreaks. Just like malicious computer worms, anti-worms reach computers by scanning IP ranges and placing a copy of themselves on vulnerable hosts. The anti-worm then patches the computer's vulnerability and uses the affected computer to find other vulnerable hosts. Anti-worms have the ability to spread just as fast as regular computer worms, utilizing the same "scan, infect, repeat" model that malicious computer worms use.

Criticism

Many computer security experts have denounced the so-called "anti-worm". Their position is that no code should be run on a system without the system owner's consent. Worm code, even if its author has good intentions, can wreak havoc on a network. It can overflow the traffic capacity of the network. Its author does not know the exact configuration of the system on which the code is running, and it could render that system useless for its intended purpose.

It is important to note that most jurisdictions which have computer crime laws covering worms do not distinguish "worms" from "anti-worms," thus making the author(s) of such code liable to prosecution.

Example

The Santy worm was released shortly before Christmas 2004 and spread quickly, using Google to search for vulnerable versions of phpBB. The worm exploited a bug in the phpBB software to infect the host, defacing the website and deleting all of the messages stored on the forums. The worm was poised to spread to hundreds of thousands of other websites running the phpBB forum. Approximately 10 days after the worm's launch, someone released another worm to combat the Santy worm and patch the vulnerable phpBB forum. The anti-Santy worm spread quickly, affecting thousands of servers running phpBB.

However, the anti-Santy worm caused problems of its own. Many site administrators reported that the anti-worm crashed their systems by flooding them with requests, resulting in a denial-of-service attack. Others reported that the patch did not work.

Whether or not the anti-worm had a significant positive impact on the spread of the Santy worm is unknown. Within several hours of Santy's release, Google blocked the search string the worm was using to find vulnerable hosts. Thus, the worm could not find new hosts to infect. There is no way to determine if Google's actions or the anti-Santy worm did more to protect hosts.

Anti-worms have also been used to combat the effects of the Code Red worm. ['Anti-worms' fight off Code Red threat, http://www.vnunet.com/news/1125206]

Wikimedia Foundation. 2010.
