An ethical worm is a program that automates network-based distribution of security patches for known vulnerabilities. Like its malicious counterpart, the ethical worm could propagate across networks exponentially and perform its tasks without user knowledge or consent, through a process sometimes called a drive-by download. According to some, such invasive behavior is warranted because many system administrators fail to install appropriate patches and service packs, despite knowledge of vulnerabilities and available solutions.
The deployment of ethical worms for patch distribution is frequently suggested in discussion forums, especially in the wake of a wide-ranging malicious attack. In January 2003, a worm called the SQL Slammer exploited a known buffer overflow vulnerability in Microsoft SQL 2000 server systems to cause widespread Internet outages. The attack, which may have been carried out to illustrate the problem of lax security, was launched precisely six months after Microsoft released a patch for the flaw. Had the patch been installed to vulnerable systems, the SQL Slammer attack might have had little impact.
Although installing security solutions through ethical worms would, at least, ensure they were deployed, there are concerns that the method would create more problems than it solved. According to Ed Skoudis, author of the book, "Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses," even if an ethical worm worked flawlessly, it could inadvertently cause damage because of conflicts with other programs and particular system configurations.