Good worms can secure computers

February 01, 2006

WORMS, the enemy of PC owners and IT departments everywhere, are about to become a force for good. Beneficial worms will spread rapidly through networks and patch machines before a malicious worm can attack.

Since the first computer worm appeared in 1988, researchers have dreamed of deploying good worms to fight the bad ones. These would be programmed to invade a computer by exploiting the same weak points that bad worms use. But instead of delivering malicious software, the worms would close up the weak spot and so render the computer impervious to further attack. "We're talking about fighting fire with fire," says programmer David Aitel of the firm Immunity in Miami, Florida, who developed the worm.

These so-called "patching worms" have previously been used by virus-writing gangs to try to stop the spread of worms deployed by their rivals. Legitimate users have been wary of unleashing patching worms because they are difficult to control, raising fears that the originator would be liable if one were to crash computers it was not designed to patch. "Even if your intentions are good you are altering the behaviour of someone's machine without their consent," says Jose Nazario of the security firm Arbor Net, who runs a website called Worm Blog.

Aitel claims to have overcome this problem by programming the beneficial worms to visit only computers on a particular network. The worms, which he calls "nematodes", are programmed with a map of the network that tells them the range of IP addresses of all the machines they are allowed to invade. The first thing they do when they contact a potential beneficiary is to check whether the computer is in their range. If so they will invade; if not, they look for a new host.

Alternatively, the "polite" worms can be programmed to ask a central server for permission to invade. To ensure the infected computer always has access to that central server, Aitel suggests using the domain name system (DNS) server, which is responsible for translating domain names into their numerical IP addresses. All computers on the network must have access to the DNS server at all times, as they contact it each time they visit a web page. If equipped with suitable software, it could also tell the worm whether it was allowed to invade a machine with a particular IP address.

To allow programmers with no worm-writing experience to assemble their own worm, Aitel has developed a programming language called Nematode Intermediate Language (NIL), which breaks a worm down into smaller software modules. He presented it last week at the Black Hat Briefings federal conference in Washington DC.

The company hopes to start selling NIL modules within the next four years.


Author: Celeste Biever


New Scientist
