BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Tuesday, 22 May, 2001, 12:04 GMT 13:04 UK
Cheese beats crackers
Cheese computer virus BBC
The cheese is on the loose on the web
By BBC News Online technology correspondent Mark Ward

A helpful virus is making its way around the web, checking computers for vulnerabilities and closing them.

This code was not written with malicious intent

Cheesy message
The "cheese worm" targets computers running Linux that have been attacked by a similar, but malign, program earlier this year.

As it grows in popularity, Linux is increasingly being targeted by virus writers and malicious hackers.

But the benevolent program has not been welcomed by anti-virus companies, who say any software that makes unauthorised changes to a computer is potentially dangerous.

Roaring worm

In March this year, a malicious program known as the Lion worm was infecting Linux servers and installing backdoors that could be exploited by its creators. The worm also stole passwords and sent them to those system crackers using it as an intrusion tool.

Penguin BBC
The Linux mascot penguin: An increasingly popular target
The backdoors could be used to stage denial-of-service attacks that use a series of remotely commanded computers to bombard a target server with bogus requests. Usually, the target is overwhelmed by the stream of useless data and either crashes, or becomes unreachable by legitimate users.

Although viruses that exploit the weaknesses of Microsoft Windows are by far the most numerous, some malicious hackers have started to target the increasingly popular Linux software. This year, three viruses, the Ramen, lion, and Adore worms, have been written to attack this software.

The cheese worm attempts to repair some of the damage done by the Lion worm. It scans networks with certain net addresses until it finds one with a back door, or port, that has been opened by the Lion worm.

Wholly holey

A port is a logical, as opposed to a physical, division within a computer system. Individual web-aware programs wait for information addressed, or sent, to different ports. These can be thought of as resembling room numbers in a skyscraper, where separate companies reside on different floors inside one physical building.

Mail sent to the building will reach the firm it is addressed to, in the same way data sent to a server will be directed to a particular program.

If cheese finds a vulnerable computer, it applies a software patch to close the hole, copies itself, and then uses the healed computer to look for other networks with the same vulnerability.

The worm may have gone unnoticed but for the zeal with which it scans for vulnerabilities. System administrators who noticed hundreds of attempts to scan their machines went looking for the cause and found the cheese worm was the culprit.

The scanning attempts were reported to the Computer Emergency Response Team, which issued a security alert.

The program is known as a "worm" because it travels across a network copying itself as it goes. By contrast a "trojan" is a program that looks benign but contains a malicious payload.

Comments inside the code for the worm betray its benign intent.

One reads: "This code was not written with malicious intent". The cheese worm claims to have been created: "to stop pesky haqz0rs (hackers) messing up your box even worse than it is already".

Search BBC News Online

Advanced search options
Launch console
See also:

18 Jan 01 | Sci/Tech
Linux virus infection fears
14 May 01 | Business
Nokia chooses Linux
09 May 01 | Sci/Tech
The net takes to the air
09 May 01 | Sci/Tech
Porn virus hits computers
26 Jan 01 | Sci/Tech
Toasting the crackers
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories