Cheese beats crackers

The cheese is on the loose on the web

By BBC News Online technology correspondent Mark Ward

A helpful virus is making its way around the web, checking computers for vulnerabilities and closing them.

This code was not written with malicious intent

Cheesy message

The "cheese worm" targets computers running Linux that have been attacked by a similar, but malign, program earlier this year.

As it grows in popularity, Linux is increasingly being targeted by virus writers and malicious hackers.

But the benevolent program has not been welcomed by anti-virus companies, who say any software that makes unauthorised changes to a computer is potentially dangerous.

Roaring worm

In March this year, a malicious program known as the Lion worm was infecting Linux servers and installing backdoors that could be exploited by its creators. The worm also stole passwords and sent them to those system crackers using it as an intrusion tool.

The Linux mascot penguin: An increasingly popular target

The backdoors could be used to stage denial-of-service attacks that use a series of remotely commanded computers to bombard a target server with bogus requests. Usually, the target is overwhelmed by the stream of useless data and either crashes, or becomes unreachable by legitimate users.

Although viruses that exploit the weaknesses of Microsoft Windows are by far the most numerous, some malicious hackers have started to target the increasingly popular Linux software. This year, three viruses, the Ramen, lion, and Adore worms, have been written to attack this software.

The cheese worm attempts to repair some of the damage done by the Lion worm. It scans networks with certain net addresses until it finds one with a back door, or port, that has been opened by the Lion worm.

Wholly holey

A port is a logical, as opposed to a physical, division within a computer system. Individual web-aware programs wait for information addressed, or sent, to different ports. These can be thought of as resembling room numbers in a skyscraper, where separate companies reside on different floors inside one physical building.

Mail sent to the building will reach the firm it is addressed to, in the same way data sent to a server will be directed to a particular program.

If cheese finds a vulnerable computer, it applies a software patch to close the hole, copies itself, and then uses the healed computer to look for other networks with the same vulnerability.

The worm may have gone unnoticed but for the zeal with which it scans for vulnerabilities. System administrators who noticed hundreds of attempts to scan their machines went looking for the cause and found the cheese worm was the culprit.

The scanning attempts were reported to the Computer Emergency Response Team, which issued a security alert.

The program is known as a "worm" because it travels across a network copying itself as it goes. By contrast a "trojan" is a program that looks benign but contains a malicious payload.

Comments inside the code for the worm betray its benign intent.

One reads: "This code was not written with malicious intent". The cheese worm claims to have been created: "to stop pesky haqz0rs (hackers) messing up your box even worse than it is already".