By Elinor Mills Abreu

LAS VEGAS (Reuters) - Can vigilantism save computers from the next big virus threat?

Striking back against a computer that is attacking you may be illegal under U.S. law, but a security researcher says people should be allowed to neutralize one that is unwittingly spreading destructive Internet worms like Nimda.

"Arguably the biggest threat the Internet faces today is the propagation of a big worm," Timothy Mullen, chief information officer of AnchorIS Inc., based in Charleston, South Carolina.

Worms are a form of self-propagating virus that once set in motion can wreak havoc by taking control of other machines and then use these to launch attacks on the wider Internet.

"The next worm is going to happen, and it's going to be worse," Mullen said at the annual DefCon hacker conference, which started on Friday.

The defensive strategy of "strike back" is gaining some support among members of the U.S. Congress. They will be voting on a bill backed by movie and music studios that would allow retaliation to help thwart Internet piracy.

The bill, proposed by Democratic Congressman Howard Berman of California, would protect copyright holders from liability if they infuse destructive decoy digital files into peer-to-peer networks to penalize users.

Mullen said his hack back idea is different because it is designed to improve the security of cyberspace and would not harm any computer systems.

NEW WORMS DANGEROUS

The Code Red and Nimda worms that hit last year shut down corporate computer systems and gobbled up bandwidth, with Nimda becoming the most widespread and one of the most destructive worms of 2001.

To counter this, Mullen has come up with a way for machines that have been attacked but not infected to trace the worm back to the attacking machine and prevent it from spreading the worm to other computers.

Using his technique, the computer that launches an attack is paralyzed and requires an administrator to restart it, but it stays online and is not otherwise harmed, said Mullen, who is a columnist for SecurityFocus.com.

"What we're doing, (according) to the letter of the law, is illegal," he acknowledged. "I would like to see the law changed ... We've illustrated not just a reasonable recourse, but a minimal responsibility."

Contacting the administrators of infected and attacking computers is not adequate, Mullen said. "This after-the-fact stuff clearly doesn't work. I'm still getting Nimda attacks," often from the same person.

ETHICS QUESTIONED

However, several U.S. officials questioned the ethics of the idea.

"You have trespassed on their system," said Mark Eckenwiler, senior counsel at the U.S. Justice Department's computer crime division. "There are more legally acceptable ways to deal with the problem than what is essentially hacking into their system."

There also is also the possibility of hacking back at the wrong computer, said C.H. "Chuck" Chassot of the Department of Defense's Command, Control, Communications & Intelligence office.

"It is the DoD's policy not to take active measures against anybody because of the lack of certainty of getting the right person," Chassot said.

Jennifer Stisa Grannick, litigation director at the Center for Internet and Society at Stanford Law School, said she felt Mullen's idea may be protected under a self-defense provision.

"This is a type of defense of property," she said. "There is a lot of sympathy for that (kind of action) from law enforcement and vendors because we do have such a big problem with viruses."