TechTarget
Q

Should a worm patch or push security updates?

In this expert response, Richard Brain explains why "offensive" worms should not be used to propogate patches.

Should "offensive" worms be used to propagate patches? Is it safe to use code that acts like malware in order to defeat malware?
In my opinion, an 'offensive' worm should never be used to spread patches. It is a dubious practice and can create all sorts of unintended consequences.

A computer worm is normally designed to infect as many computers as possible using a number of different attack...

vectors, with each attack vector exploiting a certain weakness which might exist on computers -- for example, Window file shares, emails or buffer overflows in Web servers.

In carrying out the attack, it is common for the worm to replace or modify webpages with its own content so it can spread itself to more computers. The problem with all of this attacking and modifying is that websites and computers will break due to the almost infinite variation of services and webpages. The worm, when patching and modifying a website with its code, can stop the page from being displayed properly or not at all. And when attacking different vectors, it can deny service by using up resources like bandwidth -- or denying access to the service by causing it to fail.

This was first published in May 2009

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close