Slashdot Mirror


Malicious Distributed Computing

Jeremy Erwin writes "In this whitepaper, Brandon Wiley suggests a possible design for a "superworm", a coordinated network of worm nodes. Typically worms are designed to infect as many hosts as possible, but as overly rapid growth can lead to early detection, this is a suboptimal strategy. The worm, dubbed Curious Yellow, uses communication between worm nodes to ensure optimal infection rates."

3 of 207 comments

  1. Um, why?? by Glove d'OJ · Score: 0, Flamebait

    Um, ok, I understand that certain types of minds like to think about this kind of thing, but is it responsible for /. or any other "news"-ish source to publish links to details on it? I mean, come on---this is like the NY Times posting a "how to" on taking down planes, trains, and automobiles.

  2. Re:Don't they.. by Jucius Maximus · Score: 0, Flamebait

    "..already have this? I believe it's called KazaA ;)"

    Yeah, but Windows XP was proof-of-concept.

  3. ''Here are some crazy ideas I had'' by Tom7 · Score: 1, Flamebait

    This is not a technical whitepaper. This is a dream that a college kid had about a supervirus that controlled the whole internet. It would be much more interesting if he had also dreamed up an implementation, since there are loads of difficult issues that come up when you're forced to detail this kind of idea in the way that's needed to actually write a program. Not even worrying about the obvious scaling issues (especially with regard to failure recovery), there are a bunch of assertions made in the text that are simply wrong, or at least completely unproven. Take, for instance, the statement, "The only way to protect against Curious Yellow is to inoculate every computer with an anti-worm, Curious Blue, which uses similar technology to instantly distribute security patches." (???)

    Another example is the "Security, Cryptography..." section, which is essentially just a rambling narrative of a hypothetical situation based on some messed up assumptions:

    "Due to the large size of private keys, they cannot be easily remembered and so must be stored electronically somewhere."

    Sure, but it's easy to store them encrypted with some memorizable key. That's what PGP does, for instance, and stealing the encrypted private key is pretty useless!

    Vague statements like "Using statistical analysis of the propagation of code updates, the source of updates can eventually be traced," are equally underexplained and undermotivated. It's pretty easy to get data anonymously onto the internet -- there are anonymous remailers, web proxies, usenet servers (groups.google.com), etc. I recall a worm whose creator anonymously posted cryptographically signed updates to sci.crypt (or something like that), for instance. Using an internet kiosk or setting up a free AOL account from a payphone and then using one of these would be pretty damn hard to track.

    Basically, this is nothing more than wild speculation of the sort, "Wouldn't it be cool if...!", except without the if. Give us technical details and analysis, not a barely believable science fiction story!