Thanks but no thanks. Thats what I say to those anonymous crackers who had decided to "help" out by releasing the Cheese Worm last month.
Cheese is certainly a "c00l" hack, but that definitely doesnt make it acceptable or responsible behavior. Visions of bots floating around in the ether waging mighty, but invisible, battles belong in books such as Neal Stephensons "The Diamond Age," not on production Internet servers.
Thats really the key point. Unauthorized code should not be running on other peoples servers, no matter how much good it tries to do. Period. This is especially the case when code installs itself secretly on your servers with root privileges and then uses them as a launching point for transferring data to countless numbers of other servers on the Internet.
The Cheese Worm even uses hostile code techniques of trying to hide its presence by changing its process name to "httpd" and placing its files into a "/tmp/.cheese" directory, where theyre not likely to be easily stumbled upon. Does this sound like responsible coding to you?
A worm is still a worm, and any self-replicating code that uses backdoors to silently install itself on systems is bad by definition, no matter how its used. Worm technology is not value-neutral. The silver lining doesnt make the dark cloud go away.
Moreover, this kind of technology has proved to be impossible to control in the past. Remember the famous Morris Internet Worm in November 1988? Process limits Morris put into that worm to keep it from overloading infected systems didnt work because of coding mistakes he made.
Finally, the Cheese Worm doesnt even solve the real problem, which is a vulnerable version of BIND, also known as Berkeley Internet Name Domain. IT administrators infected with the Cheese Worm will still have to rebuild servers from scratch—who knows what else has infected those systems?
The only real and correct way to deal with vulnerabilities is to fix them—preventing 1i0n, Cheese and their ilk.