Security Experts Decry Good Worm

New variant of the Blaster worm, known as Blaster.D, attempts to patch vulnerable systems.

Security experts are now tracking a new variant of the Blaster worm, only this one attempts to patch vulnerable systems.

Known as Blaster.D, the worm acts much like the original Blaster in that it infects machines that havent yet been patched against the RPC DCOM vulnerability in Microsoft Corp.s Windows 2000 and XP software. But, once it infects a PC, the new variant attempts to force the machine to download and install the patch for the flaw that Blaster exploits. The worm will remove itself from infected machines in 2004.

Despite its seemingly good intentions, Blaster.D, also known as Welchia or Nachi, can still cause just as many network problems as its predecessors do. It still scans for other vulnerable systems, and therefore eats up valuable bandwidth.

The concept of a "benevolent" worm certainly isnt a new one; the topic has been talked about for years in the security community, with some proponents advocating it as a way to take up the slack for people who fail to patch their systems. Two years ago, during the Code Red outbreak, someone released a similar worm called Code Blue that attempted to prevent vulnerable Web servers from being infected by Code Red. And, earlier in 2001, the so-called Cheese worm attempted a similar repair job on Linux systems that had been infected by the Li0n worm.

But, security experts say that the concept of a good worm is still an oxymoron.

"Theres no such thing as good malware. It still does this without the users permission," said Ian Hameroff, eTrust security strategist at Computer Associates International Inc., in Islandia, N.Y. "This is the Internet equivalent of a doctor who makes house calls, but its a doctor you didnt invite over and you arent real sure about his qualifications."