Nortel Networks yesterday revealed the anti-computer worm defences it had developed in-house after it was hit hard by last year"s outbreaks of Nimda and Code Red 2.
According to John Morris, an IT manager at Nortel Networks, the anti-worm system could help large institutions and even ISPs. He challenged vendors to develop a commercial equivalent to the bespoke system designed by Nortel.
When Nortel was hit by Code Red 2, the outbreak was manageable - for the first 30 minutes, following which the worm spread exponentially. The spread of Code Red 2 was curtailed only when the worm ran out of worm food (vulnerable servers to infect) and as its actions pulled down the network services it needed to propagate.
Speaking at the Virus Bulletin Conference in New Orleans yesterday, Norris said no single strategy is enough to constitute an effective countermeasure for the spread of such worms.
AV tools and personal firewalls can mitigate the risk against spreading worm, software patching restricts exposure and traffic filtering and tarpitting help slow down the spread on malware, but even all three on their own are not enough.
Shutting down port 80 traffic in a network as a cure may allow other traffic, such as email, to continue across a network but represents a cure worse than the disease from the point of view of many end-users.