Slashdot Mirror


Malicious Distributed Computing

Jeremy Erwin writes "In this whitepaper, Brandon Wiley suggests a possible design for a "superworm", a coordinated network of worm nodes. Typically worms are designed to infect as many hosts as possible, but as overly rapid growth can lead to early detection, this is a suboptimal strategy. The worm, dubbed Curious Yellow, uses communication between worm nodes to ensure optimal infection rates."

8 of 207 comments

  1. Re:Um, why?? by Anonymous Coward · · Score: 4, Insightful

    Yes, it is responsible; think about it. Who are the people that would take down a plane? People that already know how to do it or have plans to do it. Some random article is not going to make a normal person say, hey, that's a good idea, why don't I try it.

    BTW, it's called freedom of the press. They can do that, and they should do it (if they feel it's appropriate, not when you think it's appropriate).

  2. No need for inter-worm communications by Anonymous Coward · · Score: 5, Insightful

    It is quite simple actually. You program your worm to accept an attack range upon installation. Then you divide the IP space on every successful attack. If you start with 64 worm installs, give each worm 1/64th of the IP space to scan. Each worm would then scan/infect and pass down a smaller block. You would infect in a tree-like pattern, possibly doubling up scanning efforts.

    For example:

    64 initial worms go out at /6 bit boundaries. They plan on installing 64 worms each, giving each sub worm /12 bit networks to scan. Then /18, /24, /30

    With a little bit more intelligence you can target the worms on major ISP DSL/Cable networks to infect the home machines.

    1. Re:No need for inter-worm communications by dabuk · · Score: 5, Insightful
      It would be quite easy for the worm to get stalled in that case. If the worm that is supposed to infect one bit of the IP space gets detected and removed or if there is anything that would stop that machine infecting its IP space (like it's firewalled) then that bit of the IP space is never going to get infected.

      But if you combined those two schemes you could get worms reporting back that they're not getting anywhere and a new worm could start on that space.

  3. Re:Um, why?? by Pedrito · · Score: 5, Insightful

    It's absolutely responsible. Why wait for it to happen when you can warn about the possibility and actually give people a chance to build a defense before someone builds the weapon?

    Besides, he's not the first person to think along these lines. Though he has a number of ideas I had never considered, I had come up with an idea for a worm that would build a peer to peer network to coordinate its activities and prevent it from spreading too quickly.

    His idea for having it update itself against anti-virus software is something I hadn't considered and is quite ingenious, I think.

    I wouldn't have ever written such a program as I have too much useful software to write to waste my time, but I've certainly thought of ideas on how one might go about it. If I have, and he has, then chances are, so have others, and eventually someone who has the time and motivation will actually do it, so best to protect against it now.

  4. Re:Um, why?? by DarkSkiesAhead · · Score: 3, Insightful


    Law enforcement frequently publish books on how to cheat, scam, swindle. The idea is to expose techniques to the public. If we have potential weaknesses in mind we are more likely to be cautious in designing and using the systems we use.

  5. ANN's make no sense here by siskbc · · Score: 3, Insightful

    Just because neural nets sound "smart" and we want a "smart" program doesn't mean they're appropriate here. As already mentioned, what are you going to train it with? Second, is the problem highly nonlinear? If not, simpler solutions exist. Best yet, a heuristic (set of rules) based system would make more sense. Give it a set of conditions under which it can alter its behavior - and I think that there are reasonable ways of determining such courses of action beforehand.

    Remember, this thing needs to be small, not bloated.

    --

    -Looking for a job as a materials chemist or multivariat

  6. Re:I've been thinking by sopwath · · Score: 2, Insightful

    There's no need to switch to "Turbo Mode". Achord can update whenever there's a fix for the exploit. In addition, switching to turbo mode would only help raise awareness of the presence on other nodes, therefore endangering other nodes. Each node shouldn't resist being erased. It should resist any updates from a source that doesn't contain the private key.

    Since all they have to do is keep watching for uninfected nodes, each node could wait for a code update (which includes the appropriate private key) and then work around the specific anti-worm software.

  7. Re:Of course by Jeremi · · Score: 3, Insightful
    I'd say one good way to protect against it is don't open those files named YippeeImAnIdiot.jpg.vbs


    I'll go you one further... don't use any email client that has the capability of running scripts or executables received in email.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
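
A mail-gateway check for the disguised attachment name quoted in the last comment, added here as an example and not part of the thread. The extension lists and the sample message are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them to local policy.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".wsf", ".exe", ".scr", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".doc", ".pdf"}

def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces, so normalise before parsing.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"

def scan_message(raw_bytes):
    """List (filename, verdict) for every attachment that is not 'ok'."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        if fname and classify(fname) != "ok":
            findings.append((fname, classify(fname)))
    return findings

def build_sample():
    """Constructed test message: one harmless image, one disguised script."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fname in ("holiday.jpg", "YippeeImAnIdiot.jpg.vbs"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample()):
        print(f"{verdict}: {fname}")
```

A gateway would quarantine or rename anything not classified `ok`, rather than relying on the recipient to notice the second extension.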