Isn't this a GOOD computer virus?

So, our network at work was down/glitchy today, due to an infestation of the Welchia/Nachi worm. During a sporadic period of actual Net access, I found this page at Symantec, describing the steps the worm takes when it infects a computer:

A summary, hopefully not infringing on too many Symantec copyrights –

- Copies itself to Dllhost.exe
- Ends the process, Msblast, and deletes the msblast.exe file, which W32.Blaster.Worm drops.
- Selects a new IP address. Sends a ping to find new valid addresses on the network.
- Checks the computer’s operating system version, Service Pack number, and System Locale. Attempts to connect to Microsoft’s Windows Update and download the appropriate DCOM RPC vulnerability patch.
- Checks the computer’s system date. If the year is 2004, the worm will disable and remove itself.

Now, correct me if I’m wrong, but if this worm enters your system and completely delivers its payload, you are left with:

- A computer that is now protected from the Blaster worm, where it may not have been before.
- A computer CLEANED of the Blaster worm, if it was infected.
- A computer updated to protect against Windows’ DCOM RPC vulnerability (sealing the door it probably came in by to other viruses, or additional copies of itself!)
- If it’s 2004, a computer free of the Welchia/Nachi worm itself!

Now obviously, the “seek out other computers on the network and infect them” stage is an unwanted intrusion, and could cost companies valuable time and resources, and productivity loss. In fact it crippled email and Net access at my company for a large part of today. But how weird is it that all the intended effects of the worm seem to do is make vulnerable computers less vulnerable??? It’s like a big-hearted, yet radioactive 400-foot puppy, accidentally crushing downtown Tokyo while trying to protect its citizens.

Who would create and unleash a worm like this? A hacker with good intentions? A hacker feuding with the hacker who authored the Blaster worm? Someone at Microsoft, pushing their latest security updates out by force?

My vote is for a hacker with more good intentions than sense. Your analogy is excellent, as well as hilarious. I guess, maybe, over the long run, it’ll be a net positive if blaster is still crippling people; is it?

Having spent hours manually checking over 2000 computers (with the rest of my department) and having to delete Welchia* from over 250 of them, my answer is no f*ing way is this a “good” virus.

Good intentions, possibly, but it sent so many pings out searching for infected computers that it brought our system (and the systems of colleges and businesses across the country) to a standstill.

Some half-assed hacker decided to create a good virus, but didn’t bother to think out the issues involved and tossed the damn thing out in the world to wreck computers. Intent or not, the result was just as bad (if not worse) than the disease.

There has been debate in the field whether you could create a good virus, but it boils down to: don’t screw with my computer. Even a good virus can cause harm to the computers it’s affecting. Computers have a myriad of settings and software and unless you test your software rigorously before releasing it, the potential for unintended problems is a big one.

You mentioned “completely delivers its payload” – how can you be sure that this will even work? Virus writers are notoriously bad programmers – Blaster, for instance, made a simple mistake that prevented it from doing a major portion of its damage. I read virus writeups all the time as part of my job, and most of them usually have a line “the virus was supposed to do X, but due to a flaw in the code, it didn’t.” Compared to virus writers, Microsoft puts out well-nigh perfect code.

I’d love to wring the neck of the moron who did this, good intentions or not. It meant we had to deal with TWO big virus outbreaks instead of one simultaneously (we actually could have gotten things under control without visiting computers if we only had to deal with Blaster, but with two, it was impossible) and it’s hard to feel the jerk who did this was doing us any favors.

*Blaster was also present, but I’d estimate at least 85% of the infected computers had Welchia.

My take: No reasonably interesting program is flawless. Such a viral anti-virus is bound to contain errors that cause problems. People need to make decisions for themselves as to how much risk they want to expose themselves to when thinking about installing software.

And, as the posts so far make clear, this particular piece of code has a serious flaw.

Good programmers know they will make mistakes. Being good at self-criticism is important. Bad programmers falsely believe they are good programmers and won’t make mistakes.

According to an article in this month’s Scientific American, it’s been discovered that Welchia does one more thing. It installs a surreptitious file transfer server which apparently gives the virus’ author a backdoor into the system. All the other stuff it does may be simply to remove evidence of itself and prevent having to compete with Blaster for local and network resources.

Any program that runs on a computer without the user/owner’s authorization (and is not part of the manufacturer’s design) is bad.

I don’t care if this “benevolent virus” draws winning lottery tickets, if it runs without my say-so, it gets the boot.

Can we get a link on that please?

Yeah, I work for a nationwide dialup ISP, and one of our providers sent us an email with a list of all of our users that are infected with Welchia/Nachi. Their infected machines were making an amazing amount of traffic, so we had to single them out, email them and let them know they had to patch their OS and clean their machine of Blaster and Welchia. It’s not so much that the virus does damage, but the way it propagates can cause huge network slowdowns.

These virus attacks of late have been hell on our tech support. Former AOL users are our largest customer base, and with AOL, their connection to the internet was behind a proxy. With most other dialup ISPs there’s no proxy. So they’d have the Blaster virus, and not be affected by it with AOL. Switch to our ISP, and the first time they connected, bam, RPC error, computer reboots. They call us and want to know why “our software” gave them a virus. Ugh. Brand damaging in the EXTREME. We have all sorts of “PLEASE READ THIS BEFORE SWITCHING FROM AOL” notices on our website and send out security alerts and all that but… no one reads them.

Virus writers can rot in hell for all I care.

I can’t really give you a very useful link. The article was in this month’s print version. The online version only gives the first couple of paragraphs. The part about the backdoor is later in the article. You need to either have an online subscription or read it in the print version. I imagine that some public libraries carry it.

I found a similar claim elsewhere that I can link to.

From here: