快猫短视频

Turning the worm secures the computer

Worms, the enemy of PC owners and IT teams everywhere, are about to become a force for good, patching machines before bad worms can attack

WORMS, the enemy of PC owners and IT departments everywhere, are about to become a force for good. Beneficial worms will spread rapidly through networks and patch machines before a malicious worm can attack.

Since the first computer worm appeared in 1988, researchers have dreamed of deploying good worms to fight the bad ones. These would be programmed to invade a computer by exploiting the same weak points that bad worms use. But instead of delivering malicious software, the worms would close up the weak spot and so render the computer impervious to further attack. 鈥淲e鈥檙e talking about fighting fire with fire,鈥 says programmer David Aitel of the firm Immunity in Miami, Florida, who developed the worm.

These so-called 鈥減atching worms鈥 have previously been used by virus-writing gangs to try to stop the spread of worms deployed by their rivals. Legitimate users have been wary of unleashing patching worms because they are difficult to control, raising fears that the originator would be liable if one were to crash computers it was not designed to patch. 鈥淓ven if your intentions are good you are altering the behaviour of someone鈥檚 machine without their consent,鈥 says Jose Nazario of the security firm Arbor Net, who runs a website called Worm Blog.

Aitel claims to have overcome this problem by programming the beneficial worms to visit only computers on a particular network. The worms, which he calls 鈥渘ematodes鈥, are programmed with a map of the network that tells them the range of IP addresses of all the machines they are allowed to invade. The first thing they do when they contact a potential beneficiary is to check whether the computer is in their range. If so they will invade; if not, they look for a new host.

Alternatively, the 鈥減olite鈥 worms can be programmed to ask a central server for permission to invade. To ensure the infected computer always has access to that central server, Aitel suggests using the domain name system (DNS) server, which is responsible for translating domain names like newscientist.com into their numerical IP address. All computers on the network must have access to the DNS server at all times, as they contact it each time they visit a web page. If equipped with suitable software, it could also tell the worm whether it was allowed to invade a machine with a particular IP address.

鈥淭he worms exploit the same weak points in a PC that bad worms use鈥

To allow programmers with no worm-writing experience to assemble their own worm, Aitel has developed a programming language called Nematode Intermediate Language (NIL), which breaks a worm down into smaller software modules. He presented it last week at the Black Hat Briefings federal conference in Washington DC.

The company hopes to start selling NIL modules within the next four years.

Topics: Computer crime