Anti-worm (sometimes called a helpful worm) has multiple meanings in the field of computer security. It can be a piece of software designed to protect against computer worms, combining the features of anti-virus software and a personal firewall. It can also refer to a worm designed to do something that its author feels is helpful, though not necessarily with the permission of the executing computer's owner.
The concept of the "anti-worm", or "helpful worm", is a proactive method of dealing with virus and computer worm outbreaks. This type of worm delivers its payload by doing helpful actions instead of malicious actions. Just like malicious computer worms, anti-worms reach computers by scanning IP ranges and placing a copy of themselves on vulnerable hosts. The anti-worm then patches the computer's vulnerability and uses the affected computer to find other vulnerable hosts. Anti-worms have the ability to spread just as fast as regular computer worms, utilizing the same "scan, infect, repeat" model that malicious computer worms use.
Anti-worms have been used to combat the effects of the Code Red, Blaster, and Santy worms. Welchia is an example of a helpful worm. Utilizing the same deficiencies exploited by the Blaster worm, Welchia infected computers and automatically began downloading Microsoft security updates for Windows without the users' consent. It automatically rebooted the computers, installing the updates. One of these updates was the patch that fixed the exploited vulnerability.
Other examples of helpful worms are "Den_Zuko", "Cheeze", "CodeGreen", and "Millenium".
The Santy worm was released shortly before Christmas 2004 and spread quickly, using Google to search for vulnerable versions of phpBB. The worm exploited a bug in the phpBB software to infect the host, defacing the website, and deleting all of the messages stored on the forums. The worm was poised to spread to hundreds of thousands of other websites running the phpBB forum. Approximately 10 days after the worm's launch, someone released another worm to combat the Santy worm and patch the vulnerable phpBB forum.
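The following is an added example, not part of the original article: a deterministic population model of the "scan, infect, repeat" race, showing how the release delay of an equally fast anti-worm (about 10 days in the Santy case) limits how many hosts it reaches first. The host count, address-space size, scan rate and tick length are constructed, and the model assumes the anti-worm only patches hosts that are not yet infected.

```python
"""Population model of the "scan, infect, repeat" race (constructed numbers).
No networking is involved; hosts are only counted."""

def hit_probability(scanners, scans_per_tick, address_space):
    """Chance that one given host is probed at least once in a tick when
    `scanners` hosts each probe `scans_per_tick` uniformly random addresses."""
    return 1.0 - (1.0 - 1.0 / address_space) ** (scanners * scans_per_tick)

def simulate(release_tick, ticks=400, vulnerable=10_000,
             address_space=1_000_000, scans_per_tick=10):
    """Return (infected, patched) host counts after `ticks` steps.
    release_tick=None means the anti-worm is never released.
    Assumption: the anti-worm patches only hosts that are not yet infected."""
    s, i, p = vulnerable - 1.0, 1.0, 0.0    # susceptible, infected, patched
    for t in range(ticks):
        if t == release_tick and s >= 1.0:
            s, p = s - 1.0, p + 1.0         # anti-worm seeded on one host
        p_mal = hit_probability(i, scans_per_tick, address_space)
        p_anti = hit_probability(p, scans_per_tick, address_space)
        both = s * p_mal * p_anti           # probed by both worms this tick
        new_i = s * p_mal * (1 - p_anti) + both / 2   # ties split evenly
        new_p = s * p_anti * (1 - p_mal) + both / 2
        s, i, p = s - new_i - new_p, i + new_i, p + new_p
    return i, p

if __name__ == "__main__":
    for delay in (None, 0, 20, 50):
        infected, patched = simulate(delay)
        print(f"release tick {delay!s:>4}: infected {infected:8.0f}, patched {patched:8.0f}")
```

Because both populations grow at the same rate from the shared pool of vulnerable hosts, the head start the malicious worm has at release time is roughly preserved in the final split.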