Good Viruses Simply Don't Exist

21 Aug 2003
Virus News


"Welchia" only offers a false sense of security The appearance of the "Welchia" network worm has provoked lively debate over the legitimacy of malware programs that battle other malware. Unfortunately many users have failed to properly weigh the relative benefits and disadvantages of "Welchia". Kaspersky Lab feels it is important to shed light on the situation. There is no such thing as a good virus. The side effects caused by "Welchia" in deleting "Lovesan" and its attempts to update Windows are just the tip of the iceberg. Users need to be aware of the vital issues lying hidden just beneath the water line. Firstly, "Welchia" is guilty of breaking into computers, an unambiguously criminal act. The worm makes every effort to hide itself and even attacks IIS servers, leaving them vulnerable. Moreover, the worm only installs the Windows patch, but does not reboot computers. Until a reboot is done a system is still vulnerable, and in the case of servers and machines which are rarely rebooted, the "beneficial" effect of the worm is nil. Secondly, the network worm modifies infected systems and downloads potentially dangerous objects (an FTP server module and a carrier-file containing the malicious program). These objects can lead to operating system malfunctions and open breaches that can be exploited by evildoers. For example, using an FTP server makes it easy to steal sensitive information from infected systems. Thirdly, "Welchia" creates malicious data streams that compromise the owners of infected machines and which require additional payments for network traffic. These data streams clog up Internet channels and can potentially provoke a global Internet catastrophe. If the number of infected systems passes a certain threshold, the volume of virus traffic could overload data transmission channels and lead to an Internet-wide slowdown. Finally, the worm gives users a false sense of security and promotes passivity with regard to self-security. Such user apathy and inaction can lead to unpredictable consequences. The Internet could turn into a virus battlefield where network traffic is soaked up by a pack of malicious programs battling each other for supremacy. Kaspersky Lab stresses that there is no such thing as a good virus. There are destructive viruses and seemingly harmless viruses. Nevertheless, all viruses commit cyber crimes in that they conduct unauthorized activities and have negative side effects. Additionally, rather than hope for an "anti-virus virus", it is far better for users to actively protect their own machines. This is the only way to significantly prevent malicious programs from penetrating computer security systems and to avert increasing Internet chaos.