Less Worms than Leeches

By posted 17 Feb 2008 at 05:54AM

General

0

As you might guess, the New Scientist article on the Microsoft research "friendly worms" paper excited more annoyance than admiration, not only here but elsewhere in the research community. However, when a link to the actual paper turned up (thanks to Jimmy Kuo for pointing it out), it turned out be rather less dramatic. While it does refer to malware from time to time to illustrate distribution models, it’s several levels of abstraction away from the self-distributing patch mechanism that New Scientist seems to think it’s about. (Unfortunately, a million other articles have appeared since that have taken their cue from New Scientist, not from the actual paper.

 

Of course, we don’t know exactly what, if anything, the researchers in question said directly to New Scientist. If a benevolent Microsoft worm does exist as a gleam in someone’s eye, they’ll have to reconcile it at the implementation stage with the fact that Microsoft is also in the anti-malware business, and the industry hates the idea of unnecessary replicative code with a passion. (Even if there are still people out there who think we write all the viruses ourselves.)

 

In the meantime, the usual objections still apply.

  • In the real world, while a self-replicating program can, in principle, do anything a non-replicating program can do, no-one has yet found a job that has to be done by a worm. Well, apart from annoying anti-malware geeks.
  • The history of malware is littered with replicative programs that caused more damage than the writer ever  intended because he failed to take into account every possible scenario that could arise. A benevolent worm would likewise have to take into account the additional practical complications that self-replicating code can give rise to. Benevolent intentions are not sufficient excuse for breaking systems that work differently to the way you assumed they would.
  • Even the best-coded, best-intentioned replicative code also has to cross so many ethical and legal boundaries that the fastest feasible distribution algorithm is likely to finish up hobbled by so many disclaimers and "are you sure?" messages that its theoretical advantages will be nullified.

But if you’re still not sure, read Vesselin’s paper: it doesn’t leave many stones unturned.

 

David Harley
Research Author

Related Articles

Internet Service Providers “failing to protect” against cyber attacks, says EU agency
Supermarket security breach puts 2.4 million credit cards at risk
Nine out of ten employees knowingly ignore cyber safety policies
Oregon farm company sues its bank over $223,500 cyber-heist
Obama increases spending to defend U.S. computer networks from cyber attacks

Follow Us

FacebookYoutubeTwitterLinkedInGoogle+RSS

Automatically receive new posts via email:

Delivered by FeedBurner

11 articles related to:
Hot Topic

Linux malware

07 May 2013
11
Linux/Cdorked.A malware: Lighttpd and nginx web servers also affected
06 May 2013
10
Linux Apache malware: Why it matters to you and your business
02 May 2013
9
The stealthiness of Linux/Cdorked: a clarification
26 Apr 2013
8
Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole
24 Jan 2013
7
Linux/SSHDoor.A Backdoored SSH daemon that steals passwords
View more
Popular articles Tags
.ASIA domain name scams still going strong
Close call with a Caribbean cruise line scam
DNSChanger temporary’ DNS servers go dark soon: is your computer really fixed?
Java zero day = time to disable Java, in your browser at least
AMMYY Warning against Tech Support Scams
ESET Virus Radar

Archives

Select month
Copyright © 2013 ESET, All Rights Reserved.