Discover LinuxSecurity Features
Is a cracker that helps any better than a cracker that hurts?
Even though it does close the backdoor, it is generally thought that once a system is cracked, it cannot be resecured in any other way than wiping the disks and starting over.
Assuming that the worm is written well enough that it always does exactly what it is supposed to do, I feel a patcher worm is a good thing for the Internet.
The systems that the Cheese worm is breaking into are already wide open due to the 1i0n worm. After finding an open system, a cracker could use it to mask their identity during further attacks, but after the Cheese worm has patched a system, it becomes significantly harder for a cracker to use a 1i0n worm infected system for attacking other computers.
Since it is impossible for the cracked systems to be resecured until the system's disks are wiped and everything reinstalled, the administrators of 1i0n infected systems have nothing to lose from the Cheese worm patching their system. Furthermore, bandwidth usage of the scans by the Cheese worm is similar to the amount used by 1i0n worm scans. The Cheese worm simply increases the security on the systems it invades.
Considering it has been 3 months since the 1i0n worm was released, it is fair to assume that systems still infected by the 1i0n worm have administrators that do not plan to fix the systems in the near future.
While it is illegal to access another computer without authorization (IANAL), the Cheese worm does help the internet as a whole become a better place by limiting the number of open systems for less experienced crackers to use for attacks. Still, the Cheese worm sets a dangerous precedent if widely accepted as a positive contribution to the field of security because that sounds like the security community is saying it is okay for a cracker to take over a person's computer as long as the cracker's heart is in the right place.