Kraken Infiltration Revives "Friendly Worm" Debate

Anonymous Stallion writes "Two security researchers from TippingPoint (sponsor of the recent CanSecWest hacking contest) were able to infiltrate the Kraken botnet, which surpasses its predecessors in size. The researchers have published a pair of blog entries: Owning Kraken Zombies and Kraken Botnet Infiltration. They dissect the botnet and go so far as to suggest that they could cleanse it by sending an update to infected hosts. However, they stopped short of doing so. This raises the old moral dilemma about a hypothetical 'friendly worm' that issues software fixes (except that the researchers' vector is a server that can be turned off, not an autonomous worm that can't be recalled once released). What do you think — is it better to allow the botnet to continue unabated, or perhaps to risk crashing a computer controlling a heart monitor somewhere?"

Re:Had me up until the sensationalism

[somersault]

Cleary you have never been to Singapore.

Oh wait, wrong movie

Re:Had me up until the sensationalism

[morgan_greywolf]

I challenge the submitter to find one instance where a computer controlling a heart monitor has a worm infection.

Would that be a 'heartworm'?

Re:Yes, they should do it.

[jimbolauski]

There's an easy work around to this, just add a popup window saying "YOUR COMPUTER HAS WORMS PRESS OK TO FIX!" The majority of the people with worms on their computers would not think twice about pressing it.

Cleansing a Botnet is Murder.

[Lassiethebrave]

I do not eat meat, nor do i clean infected boxes; all life is holy...

KILL THEM ALL

[brassman]

"Kill them all. God will know His own."