RPC DCOM Cleanup Worm Appears
Baron of Sigma
08-18-2003, 10:26 PM
Today the SANS Internet Storm Center posted a note about an increase in ICMP traffic, including a quick preliminary analysis. Another worm has appeared, this time the W32/Nachi.worm is going around taking advantage of the RPC DCOM vulnerability. What is ironic about this worm is that it will virtually clean up any machine that is infected with the Blaster Worm. The trick is it tries to download the correct patches from Windows Update and remove the worm.
This Nachi worm spreads by exploiting a hole in Microsoft Windows. It instructs a remote target system to download and execute the worm from the infected host. Once running, the worm terminates and deletes the W32/Lovsan.worm.a process and applies the Microsoft patch to prevent other threats from infecting the system through the same hole. When the system clock reaches Jan 1, 2004, the worm will delete itself upon execution.
Corporate User : Medium
Home User : Medium
More Information: http://vil.nai.com/vil/content/v_100559.htm
HNC_Comp
08-22-2003, 08:11 PM
Now this has got me thinking......:confused:
What do you think are the chances of this type of anti virus, virus becoming the normal method for fixing problems, turning the net into a large "immune system" with agents patrolling looking out for problems and applying patches or "fighting off" the attack automatically?
I just recently read a book called digital biology by Peter J. Bentley which showed how now and in the future the digital and biological worlds will combine.
Well, it seems that future is here.
As I understand it this Nachi.worm was created by an individual but do you think the big antivirus firms like Symantec might ever employ the same tactics?
Although I would prefer to know what goes on my computer and know that I put it there, this type of system could benefit less computer literate, or lazy :( people.
Provided of course the new antivirus....things were coded properly to avoid doing more harm than good. :)
So what do you think?
P.S virus plural = :confused:
ErnieK
08-23-2003, 05:13 AM
My way of thinking on this is that this too could be exploited by someone who knows how to do it. All they would have to do is grab it and re-write it to cause a DOS (send everyone who has it to go to MS at the same time and bingo, you are back where you started).
The idea behind NACHI is good but IMHO very easy to exploit.
And yes I think you are correct, at some point in the future there will be "VIRII" (?) like this floating in the wild.
As for digital and biological coming together it has already happened. There is now a computer chip that can be implanted into the body and that allows disabled (I think the term is paraplegics) people to find a level of mobility that they presently do not have.
Steve
08-23-2003, 08:56 AM
virus plural = Viruses
;)
ErnieK
08-23-2003, 04:07 PM
Or if you type with a stutter "Viruseses"
Paul Komski
08-23-2003, 08:26 PM
Pluralisation of Virus (http://answers.google.com/answers/main?cmd=threadview&id=222617)
Yes, in English it is Viruses - the same way that buses is the plural of bus and hippopotamus can be pluralised to hippopotamuses; (hippopotami can be used by pedantic scholars since that is how it is declined in Latin, whereas genus would become genera).
Whether or not there is a Latin plural has been a matter of debate since for a 2nd declension noun it is unusually neuter. If it had a sex the plural would be virus (but pronounced with a long u like the large-antlered mammal the moose). It is not viri and it is certainly not virii for which there is no Latin construct whatsoever.
Using English seems best - though even English is funny about plurals, with the plural of sheep being sheep and the plural of duck being either duck or ducks.
LOL :D It's a mad mad world.
MichaelMHP
08-25-2003, 01:58 PM
As much as I like the idea of a pseudo-self healing web, at this time I think it's very unlikely. The reasons, yet again, are money and the subjective nature of computing.
Why would Symantec or McAfee, or any of the others release an anti-virus (a real one- not just standalone software)? There is no way to get paid for it, unless you consider the shareware business model (laughable at best, an unmitigated failure at worst).
Now, on the other hand, I could seriously see an argument for prosecuting the anti-virus writers alongside the virus writers... several perspectives support this.
-Forced changes to a system the writer does not own.
-Increased, possibly unwanted traffic on a mail server.
-Increased corporate costs related to admin.
-Possible damage from well intentioned, albeit poorly constructed anti-virii.
-Let us also consider the annoyance of chain mail that is finally accurate sometimes (install this and it'll fix your computer! vs. Delete x file to fix the virus!) This would spread confusion and counteract years of education for n00bs who I've taught not to forward anything....
Honestly- were all of the enlightened experts in this forum asked, I'm sure that many would at least question, most likely resist, any change to their system they don't knowingly administer.
It wouldn't apply to M$ boxes either... would all of the penguin-heads appreciate an automatic, forced change to the latest kernel? What about moving to a different distro because our well-intentioned author felt that the one they used was better, cleaner, safer, more stable, etc. Same for all the Mac folks out there.
Besides the money issue, it boils down to one question- what is "Fixed"? The best possible setup, though affected by certain standards, is still highly subjective. If you do plan to design a "healing virus", who do you write it for? M$ would likely say for the Lowest Common Denominator. Secure the system like you would for your mother (who has never touched a mouse and still leaves the front door unlocked). What about you? How secure is safe, and how safe is restrictive for your needs?
I would love for someone to write an anti-virus for each virus that's out there, but ultimately it would remain both a fee-based system, and an opt-in system before it'll gain acceptance- especially with the more experienced members of the online community.
"Of course, that's just my opinion, I could be wrong." (D Miller)
HNC_Comp
09-22-2003, 06:29 AM
Well, speaking of this, my entire college network has just been infected by Welchia/Nachi a month after it was discovered :confused:
The technicians are off right now trying to discover what it does :confused:
Is it not their jobs to know about and patch these things before they happen?
Saying that, it was quite funny seeing the warning pop up on 30 computers at once....