Anti-worm
Anti-worm has multiple meanings within the field of computer security. It can be a piece of software designed to protect against computer worms, combining the features of anti-virus software and a personal firewall. It can also mean a worm designed to do something that its author feels is helpful.

Concept

The concept of "anti-worms" is a proactive method of dealing with virus and computer worm outbreaks. Just like malicious computer worms, anti-worms reach computers by scanning IP ranges and placing a copy of themselves on vulnerable hosts. The anti-worm then patches the computer's vulnerability and uses the affected computer to find other vulnerable hosts. Anti-worms have the ability to spread just as fast as regular computer worms, utilizing the same "scan, infect, repeat" model that malicious computer worms use.

Criticism

Many computer security experts have denounced the so-called "anti-worm". Their position is that no code should be run on a system without the system owner's consent. Worm code, even if its author has good intentions, can wreak havoc on a network. It can overflow the traffic capacity of the network. Its author does not know the exact configuration of the system on which the code is running, and it could render that system useless for its intended purpose.
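
An added illustration (not part of the original article) of the "scan, infect, repeat" model and the traffic criticism above: a simple random-scanning epidemic model in which a worm and an anti-worm compete for the same vulnerable hosts. The population size, scan rate, address space, release delay and the rule that the anti-worm only patches hosts the worm has not yet reached are all assumptions.

```python
from collections import namedtuple

Result = namedtuple("Result", "infected patched untouched peak_scans")

def simulate(release_step=None, n_vulnerable=100_000, scans_per_step=10,
             addr_space=2**24, steps=400):
    """Random-scanning model of a worm and an optional anti-worm.

    All parameters are assumed values chosen for illustration. Host counts
    are population averages (floats), not individual machines.
    """
    s, i, p = n_vulnerable - 1.0, 1.0, 0.0   # vulnerable, infected, patched
    peak_scans = 0.0
    for t in range(steps):
        if release_step == t and s >= 1.0:
            s, p = s - 1.0, 1.0              # anti-worm starts on one host
        # Chance that one random probe lands on a still-vulnerable host.
        hit = s / addr_space
        found_w = i * scans_per_step * hit   # hosts the worm reaches first
        found_a = p * scans_per_step * hit   # hosts the anti-worm reaches first
        total = found_w + found_a
        # Never convert more hosts than are still vulnerable.
        scale = min(1.0, s / total) if total > 0 else 0.0
        found_w *= scale
        found_a *= scale
        s -= found_w + found_a
        i += found_w
        p += found_a
        # Patched hosts keep scanning too, so both groups generate traffic.
        peak_scans = max(peak_scans, scans_per_step * (i + p))
    return Result(i, p, s, peak_scans)

if __name__ == "__main__":
    for label, step in [("no anti-worm", None), ("released at once", 0),
                        ("released at step 150", 150)]:
        r = simulate(release_step=step)
        print(f"{label:22s} infected={r.infected:9.0f} "
              f"patched={r.patched:9.0f} peak scans/step={r.peak_scans:9.0f}")
```

In this model an anti-worm released at the same moment as the worm protects about half of the hosts, one released late protects almost none, and in every case the peak scan traffic is the same because patched hosts scan as hard as infected ones.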

Most jurisdictions that have computer crime laws covering worms do not distinguish "worms" from "anti-worms," thus making the author(s) of such code liable to prosecution.

Example

The Santy worm was released shortly before Christmas 2004 and spread quickly, using Google to search for vulnerable versions of phpBB. The worm exploited a bug in the phpBB software to infect the host, defacing the website and deleting all of the messages stored on the forums. The worm was poised to spread to hundreds of thousands of other websites running the phpBB forum. Approximately 10 days after the worm's launch, someone released another worm to combat the Santy worm and patch the vulnerable phpBB forum. The anti-Santy worm spread quickly, affecting thousands of servers running phpBB.

However, the anti-Santy worm caused problems of its own. Many site administrators reported that the anti-worm crashed their systems by flooding them with requests, resulting in a denial-of-service attack. Others reported that the patch did not work.

Whether or not the anti-worm had a significant positive impact on the spread of the Santy worm is unknown. Within several hours of Santy's release, Google blocked the search string the worm was using to find vulnerable hosts. Thus, the worm could not find new hosts to infect. There is no way to determine whether Google's actions or the anti-Santy worm did more to protect hosts.

Anti-worms have also been used to combat the effects of the Code Red worm.

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.