By Ryan Naraine
October 5, 2005
Convinced that businesses will use nonmalicious worms to cut down on
network security costs, a high-profile security researcher is pushing
ahead with a new framework for creating a "controlled worm" that can
be used for beneficial purposes.
Dave Aitel, vulnerability researcher at New York-based Immunity Inc.,
unveiled a research-level demo  of the "Nematode" framework at the
Hack In The Box confab in Kuala Lumpur, Malaysia, insisting that good
worms will become an important part of an organization's security
"We're trying to change the way people think," Aitel said in an
interview with Ziff Davis Internet News. "We don't want people to
think this is impossible. It's entirely possible to create and use
beneficial worms and it's something businesses will be deploying in
For years, security experts have debated the concept of using good
worms to seek and destroy malicious worms. Some believe that it's time
to use the worms' tactics against them  and build good worms that
fix problems but the chaos and confusion associated with
self-propelled replicating programs have left others unconvinced.
Aitel is among those who believe it is "inevitable" that worm
technology can significantly reduce the cost of disinfecting and
maintaining a corporate network.
"We already have a proof-of-concept that can take a very simple
exploit, go through a few steps and, in a matter of minutes, create a
working nematode," Aitel said.
He took the name for the concept from the pointy-ended worm used to
control pests in crops. "We can generate a nematode any way we want.
You can make one that strictly controls, programmatically, what the
worm does," Aitel explains.
Aitel, who did a six-year stint as a computer scientist at the NSA
(National Security Agency) before moving on to work as a code-breaker
for research outfit @Stake Inc., is adamant that nematodes can provide
the answer for lowering security costs.
He sees a world where "strictly controlled" nematodes are used by
ISPs, government organizations and large companies to show significant
During his Hack In The Box presentation, Aitel outlines the reasons
for creating nematodes and displayed strict protocols that can be used
to control the beneficial worms.
He said nematodes can be automatically created from available
vulnerability information and even showed off a new programming
language to create the worms.
Aitel acknowledged potential problems with the concept, noting that
worms are very hard to write and use large amounts of network
bandwidth. Because worms are harder to target and control, he noted
that IT administrators live in constant fear.
The concept includes the use of "Nematokens," servers that are
programmed to only respond to requests from networks cleared for
attacks and the NIL (Nematode Intermediate Language) that can be used
as a specialized and simplified "assembly for worms."
The NIL can be used to convert exploits into nematodes quickly and
easily. In some cases, Aitel believes that exploits can be written to
NIL directly to simplify the process even more.
This will be part of your security team's toolkit," Aitel argues,
noting that his company's work is "research-level proof of concept"
that details the theory and theology of using beneficial worms.
"If you look at the security cost of maintaining a large network, most
CIOs agree its way above what they want to pay. With this [nematode]
concept, you can take advantage of automating technologies to get
protection for pennies on the dollar. That's the drive behind
developing a lot of these new forward-looking technologies," Aitel
"Nematodes are a step beyond the next step. We're two stages away from
using this," he added. "The goal has always been to build the network
that protects itself automatically with automated technologies. We're
certainly not more than five years away from this sort of technology
becoming something that you can buy."
"We already have an engine that takes exploits and turns them into
worms and does it in a way that allows you to inject control
mechanisms into that. That's something that will appeal to businesses.
InfoSec News v2.0 - Coming Soon!