Domain: blanu.net
Stories and comments across the archive that link to blanu.net.
Comments · 31
-
Re:Still old-school
-
Re:Take 'em offline
Curious Yellow was suggested by Brandon Wiley back in 2002.
It includes features like a distributed p2p network, encrypted communication, obfuscated and morphed code, updates through background traffic to avoid timing correlations. And finally, a Curious Blue antidote by the "good guys".
-
I knew this was going to happen
Curious Yellow was bound to happen sooner or later. I was wondering what was taking botnet authors so long, and why they were relying on a centralized system like DNS for coordinating their bots.
-
Re:Why is this news?
I'm sure we'll reach Curious Yellow at some point, just not yet.
-
Re:Arms race
It's been discussed since 2002, with the Curious Yellow whitepaper. As discussed there it can actually be more efficient in some ways than a centralized worm.
-
Curious Yellow?
Curious Yellow here we come...
-
nothing to see here...
http://blanu.net/curious_yellow.html/
Brandon Wiley proposed a scenario in which a future internet would be consumed by the warfare between several (black or white) worms that feature node-coordinated efforts to prevent detection and removal. For those too lazy to read the link, "Curious Yellow" is basically a modular worm in which zero-day exploits can be added as they are discovered, allowing for unchecked growth across the 'net. The worm can then work with other nodes to attack targets by dropping all their traffic, or by subtly modifying whatever they receive. The best way to fight such a worm is with fire, a similarly designed "white" worm that goes around patching hosts as quickly as it can.
IMO, remote exploits are rare enough that I don't see this ever happening. On the other hand, with enough infected bot nodes to work with the data mining potentials of some of the more sophisticated extant work networks does worry me... -
Curious Yellow whitepaper.
This is all converging towards the worm described in the Curious Yellow whitepaper from back in 2004. I'm frankly surprised it took this long.
-
Let's rename them.
I say we rename them.
One should be "Curious Yellow"
the other "Curious Blue"
http://blanu.net/curious_yellow.html -
This is not new
http://blanu.net/curious_yellow.html This has been predicted for a while now. I think I first read about Curious Yellow (above) 4 years ago. Still relevant today.
-
Curious blue anyone?
(See here)
-
Re:Next opportunity
As always in situations like this, I give a link to Curious Yellow!
-
Re:i was under the impression
Quoth diablomonic
Hey, I just had an idea: what if you deliberately virtualised your machine in a hidden manner, so a VM rootkit trying to virtualise your OS would actually be virtualising between the good VM and the OS, and the good VM could detect and report on the bad VM?
Sounds like the fight between Curious Yellow and Curious Blue. :) (long way to go about it).
ZzzzSleep -
Re:Morphing and going into hiding, more likely.
Maybe this was the real reason for Sony's rootkit -- backdoor into computers, then zombie out through them. Then the Sober worm could counteract it... we're getting closer and closer to blanu's Curious Yellow scenario every day...
-
Re:Nematodes must live at super-root level
Reading all of this, and especially the parent's comments, reminds me of this http://blanu.net/curious_yellow.html paper that was published a few years ago. I enjoy reading it, anyways.
-
Re:Next Step: Take them over.
I read a very interesting paper on this tactic/subject not too long ago. Rather than rehash the whole work, here is a link:
http://blanu.net/curious_yellow.html -
Re:WOW
Besides it was a major virus/etc security risk to people using it really... check out the last paragraph here.
-
Re:Best AntiVirus? Help...
What I'm waiting for is a virus that replicates the front end of major scanners. Everything looks fine, no viruses found, etc.
Or an implementation of the Curious Yellow whitepaper.
-
Re:Mailers?
This paper is also quite interesting. Distributed computing meets the worm.
-
Re:If I were a business owner...
We know what problems they've caused and how the media's gone nuts over each virus, making things seem bigger and bigger. But some old viruses were much nastier, and I sure don't hear about those types of infections anymore.
Well, in the past several years the focus for worms and viruses has been on how quickly and efficiently they can spread rather than how much damage they can do. I guess you could say virus writers have gotten a little more mature, and aren't out to do as much damage as possible.
On the subject of efficiently spreading viruses and worms though, here's an interesting concept for one. It is all a bit overstated and massively exaggerates the risk, but I think some sort of semi coordinated worm will come out soon rather than the blind pounding attacks that we usually get. It will be interesting to see how things go once that is the standard for worms.
Jedidiah. -
The "What if machine"
The way I understood the article, this is supposed to be a WAN that can be used as a what-if-machine. This would be a way to see the results of changing widely used standards.
What if everybody used IPv6?
What if you had to prove your id to send mail?
What if a Curious Yellow-like worm were released?
What if.... well you get my point. -
It could be worse
This seems like a reasonably creative effort, but then again someone could try coding up something like this. I think they overrate the real effectiveness of such a system in the description, but it certainly would be nasty if it actually coordinated its spread as effectively as they claim is possible.
Jedidiah -
You ain't seen nothing yet
I've said it before, and I'll say it again. The current array of worms making the rounds on the Internet are pretty fundamentally simple worms and not much more than teenagers throwing eggs at the wall on a large scale. Blaster was crashing systems because of its sloppy coding; it wasn't even doing damage other than eating up resources and planning on attacking MS (which it stupidly did based on a DNS entry, and then even the WRONG ONE).
Worms today all have limited vision in what they can do and a greedy philosophy which results in limiting their possible damage.
I'm one of the good guys, but I can certainly see the potential of what an evil genius can do. Please read these two papers and get an idea of what is possibly coming.
-
Re:absolutely not...
The problem with your argument is that it doesn't apply in this environment. The general public will use one OS, Windows. The general public won't give a damn about securing their system. The general public will have unsecured systems. The general public is therefore a large-scale problem that will make it possible to exploit a large number of systems with common vulnerabilities, and once they start doing damage, they can have a large-scale detrimental effect on the net as a whole, even to those who have protected their machines against the vulnerabilities.
Case in point: I was not affected at all by Sobig.F directly; however, I did see my mail gateways come under incredible load, my IDSs fill DBs with Sobig warnings, and my users encounter endless confusion at bouncebacks from dumb virus scanners that claim we are infected, since Sobig is an SMTP forger. Sobig wasted a lot of my resources and time even though it didn't infect a single one of my 1700+ users. It was rather benign though; I'm afraid of what comes next.
-
Re:Fixed hosts don't work, but...
Give credit where credit is due. Check the description of the Curious Yellow worm.
BTW, it should be more like Kazaa/Altnet than Freenet if it wants to get anything done.
You've specified some details that Brandon Wiley left out, but really, they're all minor improvements. It's a very powerful concept that could be the end of the internet as we know it. Or not. But there you are. -
SuperWorms
I am surprised that I did not see people talking about this right off the bat. Superworms were a concept where worms/viruses would use a P2P type of organization to enhance their infections, remain undetected, and update themselves. In the original paper I read (linked from this Slashdot story), the author postulated that the eventual outcome would be to have two or maybe multiple competing worm distributors battling for control over the entire Internet. Sounds like something from James Bond.
Are we seeing the dawn of Superworms that update our computers and themselves without our knowledge or permission?
In the case of Windoze, I do not mind. Windoze users gave up their freedom when they paid Big Brother Bill to lobby Washington to take away their freedom. But a few or even one individual controlling the entire Internet and, by extrapolation, most if not all world communication: That is frightening.
-
Re:Huh?
Especially Freenet.
Yup. Untraceable, but probably useless if you want to use machines behind nat/firewall.
Maybe the worms could even try to keep track of each other, forming their own network, in a very low-key, low bandwidth, gnutella kind of way.
This was the idea behind the Curious Yellow concept. It was featured on Slashdot a while ago. -
Re:This kind of crap will continue
The "filter outgoing at border" mantra may apply to much of the current vandalism on the internet, but it's not going to stop it when administrators finally wise up and deal with it.
Here's a few links to the next level of annoyances:
There will be no tracking back from a single trojaned box. -
easy way to kill it
Sniff for packets containing the SHA1 hash of known infected nodes. Follow the links to eradicate the whole damn nest of the bastards.
Alternatively, release a fake "wormcode patch" which poisons nodes after they pass it on. Such an anti-virus-virus would take the network down in less than 15 seconds.
To be more robust, this worm has to start thinking smarter: it has to organise itself into a network of cells which are networks, rather than one big flat network. That way, only one node in each cell knows about only one node in an adjacent cell. If node A in cell 1 knows about node A' in cell 2, then when it gets compromised, it cannot betray nodes B', C' or D'.
Get the worm to spread until it knows about x number of nodes, and then tell each node that they are suddenly the only node in a new cell, and that all their old cell buddies are just their external contacts to other cells. Repeat the process until you have global domination.
That way you can still issue orders, if you have access to the original cell, but if that cell dies, then the worm turns into many rogue cells which act on their standing orders... and any anti-virus-virus "patch" would have to start from the original cell.... -
P2P Superworms and Curious Yellow
The advent of superworms creating peer-to-peer networks which allow for easy propagation of commands to the entire network by their creator was anticipated in this Linux Journal interview and in the design for the Curious Yellow Peer-to-Peer Superworm.
This superworm for Linux is just a first attempt at an entire genre of zero-day exploit worms which create ad-hoc peer-to-peer networks as they spread.
-
Re:Arrested?
I doubt that'll happen to Brandon; if it does, I'll invite him over for a long weekend and brainwash him.