[Project] W32.Asclepius.Worm

[ayu]

I'm at this very moment sitting in my bed with my lappy in the dark, because I can't sleep. And this thought just hit me....


There are a lot of old worms out there still circling around the net because of old un-updated computers, like blaster and such.

What if one was to create a sort of "white blood cell" or simply a friendly worm that would scan the net for old vulnerabilities, and on finding a hole, it would spread just like the "malicious" worm does, but instead of causing havoc, it would remove the worm in question from the infected computer, patch the vulnerability, and warn the user.

And, hell, why stop there? SQL worms are pretty common these days, might as well make it take care of that as well =)

The friendly little worm that I now have created in my head, has a pretty good name imo. "Asclepius", which (afaik) is a healing God in Greek mythology.

I mean, at the moment people are mostly defending themselves against malicious code. It will never stop if no changes are done, so I say we need to fight fire with fire! ^^

[computathug]

Now i definitely like the sound of this. The question is would the AV companies leave the signatures and leave it UD as it wouldn't be malicious and how long before someone attaches on to the idea and adds malicious content to the source.

I wonder if this worked if it would still be classed as an intrusion. I can see the headlines now 'developer gets 6 years for the introduction of the super W32.Asclepius.Worm' even though it has just patched 1 million computers worldwide from a known vulnerability.

Maybe this would work if you gave it rights to ask the user for permission first before patching but then most would deny it the privilege as it would be then more than likely be called 'spam'. There again its unbelievable how many computers i go to repair that don't have any protection at all, so this wouldn't be a problem to them.

Nice thought though

[Shimo]

I some how think AV companies would not be very happy.... I mean its taking away from there buissness. Most companies would treat it as a major threat.. Although the newslines would be very comical.... I vote you get to work.

[Big-E]

I've actually been on more professional forums where this exact thing has been pondered and it always comes up to one thing, as thuggy mentioned - ethics. Why is it right for a non-malice user to intrude when it`s not okay for a malice user to intrude. We can use DNR's old analogy with scanning, as an example. Think of it like this - a burglar enters your home when you are away, you think "WTF and GTFO" whereas the cops enter your house when you are not around and you still think "WTF and GTFO". Truth be told, no one should be entering your house without your authorization.

My opinion, behind every good deed is trouble waiting to happen. Again, back to exactly what thuggy has mentioned - when will this good worm be turned into something bad?

[caisher]

SQL worms are pretty common these days, might as well make it take care of that as well =)

SQL worms are also popular in china

[ayu]

I'm happy to announce that this idea has now become a project, and is already in the works ^^

I will make a more fitting post soon with some more info of what I am doing.

[n3rd]

gimme plug and play baby XD ill throw the worm on lots of computers at school (A)

[DNR]

1. Still illegal to unauthorized access to a computer or network, in USA, and UK. Your app will be doing just that. Corporations will accuse you of damage and seek monetary compensation. Law Enforcement will want to bill you for their time to figure things out. Even Jail while the dumbasses try to understand why someone would do something nice anyways.

2. Heuristic behavior of your software will get it flagged quick by hostbased firewalls and network IDS as malware. You'll be stopped right at the starting gate.

Nice idea, but don't. Consider someone could rewrite bits of your code to make it hostile too.

Sorry to piss on your parade!

DNR

[Big-E]

.....

2. Heuristic behavior of your software will get it flagged quick by hostbased firewalls and network IDS as malware. You'll be stopped right at the starting gate.

Nice idea, but don't. Consider someone could rewrite bits of your code to make it hostile too.

Sorry to piss on your parade!

....
DNR

No, I say do it. I already had this discussion with someone today; there is ALWAYS risk associated with innovation. There is going to be 'bad' uses for everything; I thought about it, I say go for it.

If cats can develop a decentralized patch for various security vulnerabilities, and provide a unique method of doing so whilst defeating all current barriers, I say make the attempt.

Cats, you may be interested in this link:

http://www.people.frisk-software.com/~bontchev/

Attempts at creating 'good' worms have failed, many times because the writers did not adopt the safeguards outlined in the Bontchev paper. In 1982, prior to Bontchev's work, two Xerox Palo Alto Research Center (PARC) researchers John Shoch and Jon Hupp coined the term 'worm' for a program that spread around their 100-computer network updating drivers. A flipped bit in the program caused the resulting worm to spread uncontrollably and clog the network.

Source:http://www.securityfocus.com/news/11506

[Consumerwhore]

While this is a cool project, I'm still stuck on.....Why?

If people are to lazy and/or incompetent to be able to complete the necessary steps in securing whatever they are using, they lose. It seems like now a days everyone relies on someone else to do shit for them. With the increase in the use of technology basic security and how to implement it shouldn't be something you do when you have spare time...

Ignorance is bliss does NOT carry over into computing all that well and it never should. = /

Meh, it's 4 am and I've run out of brain cells : (

[ayu]

Well of course it's illegal, but I would never make it so that they could track it here anyway ^^

And the reason I'm doing it is to learn, and to force people to stay safe, since they refuse to do it because of ignorance and idiocy. You might think "yeah, why should I care about them?", well, for every idiot who doesn't give a fuck about their computer getting infected with shit, the more load there is on the internet, and more ways for malware to spread, therefore I want to fight it with the malware producers own methods.

And, don't worry DNR, I have thought about that as well, the worm will go through a lot of testing before it's "released", and also, there are loads of worms like this that have a malicious purpose, one more wouldn't change much.

Thanks for the material E ^^


The show must go on!

[computathug]

On a side note......Have you not wondered how many people who rely on other machines getting a virus to keep them in work.

Cats single handedly makes over 1 million people world wide out of a job

[DNR]

what if: all the different platforms, apps, drivers - you better hope it doesn't crash something, good intentions or not.
A good deed never goes unpunished...

DNR

[str33tl0rd]

good idea, but not always you fight fire with fire...couz then there is always a more bigger one that will take over...and this is one of those cases...i doubt you will suceed not meanin' you shouldn't try...but give it your best...i hope to see your worm do something that other worms don't do. =]

[n3rd]

Try it, if you succeed you will be a legend, fail and try again