Editing Computer worm (section)

==Helpful worms==
A '''helpful worm''' or '''anti-worm''' is a worm designed to do something that its author feels is helpful, though not necessarily with the permission of the executing computer's owner. Beginning with the first research into worms at [[Xerox PARC]], there have been attempts to create useful worms. Those worms allowed [[John Shoch]] and Jon Hupp to test the [[Ethernet]] principles on their network of [[Xerox Alto]] computers.<ref>{{Cite journal|last1=Shoch|first1=John|last2=Hupp|first2=Jon|date=Mar 1982|title=The "Worm" Programs - Early Experience with a Distributed Computation|url=https://vx-underground.org/archive/VxHeaven/lib/ajm01.html|journal=Communications of the ACM|volume=25|issue=3|pages=172–180|doi=10.1145/358453.358455|s2cid=1639205|doi-access=free}}</ref> Similarly, the [[Nachi worm|Nachi]] family of worms tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system by exploiting those same vulnerabilities.<ref>{{cite web|title=Virus alert about the Nachi worm|url=http://support.microsoft.com/kb/826234|publisher=Microsoft}}</ref> In practice, although this may have made these systems more secure, it generated considerable network traffic, rebooted the machine in the course of patching it, and did its work without the consent of the computer's owner or user. Regardless of their payload or their writers' intentions, security experts regard all worms as [[malware]]. Another example of this approach is [[Roku OS]] patching a bug allowing for Roku OS to be rooted via an update to their screensaver channels, which the screensaver would attempt to connect to the telnet and patch the device.<ref>{{cite web | url=https://github.com/llamasoft/RootMyRoku#:~:text=In%20the%20past%2C%20Roku%20has%20taken%20some%20creative%20measures%20to%20forcefully%20patch%20jailbroken%20devices.%20One%20such%20example%20was%20an%20update%20to%20the%20screensaver%20channel%20that%20would%20check%20for%20a%20telnet%20service%2C%20connect%20to%20it%2C%20and%20command%20it%20to%20un%2Droot%20and%20update%20the%20device. | title=Root My Roku | website=[[GitHub]] }}</ref>

One study proposed the first computer worm that operates on the second layer of the [[OSI model]] (Data link Layer), utilizing topology information such as [[Content-addressable memory]] (CAM) tables and Spanning Tree information stored in switches to propagate and probe for vulnerable nodes until the enterprise network is covered.<ref name="semiauto_worm">{{Cite book | doi = 10.1109/ISCC.2010.5546723| chapter = A link-layer-based self-replicating vulnerability discovery agent| title = The IEEE symposium on Computers and Communications| pages = 704| year = 2010| last1 = Al-Salloum | first1 = Z. S. | last2 = Wolthusen | first2 = S. D. | isbn = 978-1-4244-7754-8| s2cid = 3260588}}</ref>

Anti-worms have been used to combat the effects of the [[Code Red (computer worm)|Code Red]],<ref>{{Cite web|url=http://www.vnunet.com/News/1125206|title=vnunet.com 'Anti-worms' fight off Code Red threat|date=Sep 14, 2001|archive-url=https://web.archive.org/web/20010914021701/http://www.vnunet.com/News/1125206|archive-date=2001-09-14}}</ref> [[Blaster worm|Blaster]], and [[Santy]] worms. [[Welchia]] is an example of a helpful worm.<ref name="Welch">{{cite book | title=The Welchia Worm| date=December 18, 2003|page=1| url=http://www.giac.org/paper/gcih/517/welchia-worm/105720| access-date=9 June 2014}}</ref> Utilizing the same deficiencies exploited by the [[Blaster worm]], Welchia infected computers and automatically began downloading [[Microsoft]] security updates for [[Microsoft Windows|Windows]] without the users' consent. Welchia automatically reboots the computers it infects after installing the updates. One of these updates was the patch that fixed the exploit.<ref name="Welch"/>

Other examples of helpful worms are "Den_Zuko", "Cheeze", "CodeGreen", and "Millenium".<ref name="Welch"/>

Art worms support artists in the performance of massive scale ephemeral artworks. It turns the infected computers into nodes that contribute to the artwork.<ref>{{Cite journal |last=Aycock |first=John |date=2022-09-15 |title=Painting the Internet |url=https://muse.jhu.edu/article/236371/pdf |journal=Leonardo |volume=42 |issue=2 |pages=112–113 |via=MUSE}}</ref>