In August 2003 a mass-mailing worm called W32/SoBig.F spread rapidly in the USA, infecting a large number of machines and causing network problems for organisations including Air Canada and Lockheed Martin.
At the same time the Internet worm MSBlast.D.W32.Welchia, or W32/Nachi, started spreading rapidly, compounding the problems. The Nachi variant was called a “good worm” because it was designed to locate infected systems and then download a patch to combat the variant of the MSBlast worm. Things got out of control with further variants and contagion, leading to a great deal of economic damage to the infected companies.
Jeffrey Schiller, manager of the network of MIT, stated “there is a special section of hell reserved for the guys who write these things” (ZDNet August 2003).
The idea of a “friendly worm” is as absurd as the introduction of cane toads to control insects in sugar cane and of foxes to control rabbits, both of which have caused devastation.
But we always have the scientist who believes that all negative things can be contained and that every use of such tools will be for the good of society. I refer to a paper by Microsoft scientists, “Sampling Strategies for Epidemic-Style Information Dissemination” (Technical Report MSR-TR-2007-82), to be presented at the IEEE Infocom 2008 Conference in April 2008.
The general thrust is to develop an efficient method for worms to spread through a network, detecting where they can “do good”: for example, moving through the Net, detecting systems that do not have the latest patches, and automatically applying them without the agreement or, indeed, the knowledge of the network's owners/managers.
Oh, what a Utopian idea!
This epidemic style of dissemination uses “viral propagation mechanisms”, developing a new field of computer science: “computer epidemiology”.
The fundamental change is that, rather than a network owner having control over changes to his network via a “pull” mechanism, there would be a “push” mechanism; the difference, of course, is that control of dissemination of the software changes moves from the network owner to the software or worm owner.
“Push” techniques could logically be used for upgrades, advertising and malware introduction.
The last of these is my concern, as cybercrimes such as denial-of-service attacks, identity theft, etc. would become more prevalent and capable of much wider and faster spread.
How would you like configuration control or network access to be under the control of an external party over whom you have no control?
A terrorist organisation might be very interested in a “black death virus” which could spread across the world’s networks like an epidemic and constantly mutate to avoid detection.
Microsoft have, since news of the research became public, backed away from the topic stating “This project is basic research, there are no plans to incorporate this into Microsoft products” (Milan Vojnovic, Microsoft researcher, quoted in InformationWeek’s Security Weblog, Feb 20, 2008).
Does this mean that ongoing research has simply gone underground?
© Roger L. Levy 2008 Forensic.Technology@Gmail.com
