Slashdot Mirror


Curious Yellow, Superworm

jpmccord writes "Brandon Wiley's white paper, Curious Yellow, explains how "a superworm -- a worm that coordinates its actions among infected hosts and launches a massive distributed denial of service attack on any hosts it can't infect using those it can" (via disLEXia, a weblog by Maximillian Dornseif). The "doomsday scenario" frightens "even us", says Dornseif. An accompanying discussion rebukes Wiley's article a bit. Aaron Swartz's light-hearted take is rather entertaining: "So go read it now and find out how you can take over the whole Internet. And if you're going to, could you give me 24 hours notice?""

16 of 167 comments

  1. Come on... by Doctor O · · Score: 3, Insightful

    ...this was posted some days ago, I'm just too lazy to go find the link.

    --
    Who is General Failure and why is he reading my hard disk?
  2. DELETE DOUBLE STORIES by Anonymous Coward · · Score: 1, Insightful

    Sweet friggin christ. If it's a dupe, REMOVE IT.

    88 Miles an hour and shit

    1. Re:DELETE DOUBLE STORIES by llin · · Score: 2, Insightful

      Ever get the feeling that the editors don't actually read the site? :)

  3. Doomsday scenario? by Mika_Lindman · · Score: 5, Insightful

    The "doomsday scenario" frightens "even us", says Dornseif.

    Doomsday? Hey guys, it's the internet! Who's gonna die if the internet shuts down? Come on now, it's not like the next ice age or nuclear war! 99% of the world's population won't give a shit if the internet shuts down for a few days. Who cares if a bunch of nerds freak out 'cause they can't read their emails?

    The main question is, are YOU so addicted to the net, that you would use the term "doomsday", if it shuts down?

    1. Re:Doomsday scenario? by Shalome · · Score: 5, Insightful

      You apparently have no idea what the actual scope of the internet covers. Corporate and military communications, banking transactions, medical information tracking, etc, etc. Yes, we could live without the internet, but reverting to the "old fashioned" pen-and-paper snailmail transportation of information, even for short periods of time, could cost billions of dollars -- not to mention levels of annoyance it would cause in day-to-day life.

      --
      Moderation totals that amuse me for one of my posts: Flamebait=1, Insightful=2, Funny=2, Overrated=1, Underrated=1
    2. Re:Doomsday scenario? by Anonymous Coward · · Score: 2, Insightful

      The internet has already shut down in some ways. One way in particular are all forms of posted discussions that involve many people. Conversations fall into useless patterns. Some sort of artifact of our minds causing us to talk in endless loops when a large enough pool is reached. Mindless and numbing repetition. Not meant as a slight against /. but an observation from usenet, mailing lists, everything. Flamewars, holy wars, and a million different and more subtle species of mindless repetitive behavior.

      It's like watching the same pieces fall from some Pavlovian machine over and over again. One comment brings forth a slew of responses, all providing an identical response. In Usenet, it's horrible.

    3. Re:Doomsday scenario? by Zocalo · · Score: 5, Insightful

      Quite. There seem to be quite a few people out yelling about the "death of the Internet", much like people used to go around with sandwich boards with "The end of the world is nigh!" written on them. Perhaps they should take a few minutes and go read this rather excellent article at the Register and get a dose of reality. And after that, perhaps a re-reading of "Chicken Little" just to hammer the point home.

      --
      UNIX? They're not even circumcised! Savages!
    4. Re:Doomsday scenario? by david duncan scott · · Score: 3, Insightful

      The Internet (or more properly speaking, Arpanet) was created as an experiment with DoD funding. The experiment was, in Defense terms, not particularly successful, and they moved on to other ways of getting their job done, leaving the Internet to academics and, well, fools and poltroons like us.

      Did you really think that the Pentagon was letting us all play on their wires? This isn't War Games, and the military planners aren't brain-dead.

      --
      This next song is very sad. Please clap along. -- Robin Zander

  4. Mmkay... Call me stupid, but.. by Bowie J. Poag · · Score: 5, Insightful

    If you really think about it, the math behind such an event may not work out....My guess is, there simply aren't enough hosts on the net that are simultaneously A) susceptible to infection B) sitting on static IPs, and C) unmonitored by human eyes. All three conditions must exist in order for the worm to propagate -- If any one of those factors is absent, that particular thread of the superworm is halted. It makes the scenario described in this article practically impossible. Sure, a superworm may exist, but it would be so slow-moving and predictable that it would be no more a threat than any other form of DoS attack.

    If you really want something abstract to think about, consider this: How is this "superworm" different than, say, a non-existent website mentioned on a nationwide TV broadcast? Instead of malicious code generating the resulting network congestion, it's humans -- The net result is the same -- The effect will taper off as T increases. Nothing to really worry about, in other words.

    Yeah, I know. I'm sure someone's gonna come back and read this 10 years from now and want to slap me silly with a 10 lbs. trout, for my lack of forethought.. But seriously, I think these sort of stories are more along the lines of interesting fiction than they are real-world possibilities.

    Cheers,

    --
    Bowie J. Poag

    1. Re:Mmkay... Call me stupid, but.. by chrestomanci · · Score: 5, Insightful

      If you really think about it, the math behind such an event may not work out....My guess is, there simply aren't enough hosts on the net that are simultaneously A) susceptible to infection B) sitting on static IPs, and C) unmonitored by human eyes. All three conditions must exist in order for the worm to propagate -- If any one of those factors is absent, that particular thread of the superworm is halted. It makes the scenario described in this article practically impossible. Sure, a superworm may exist, but it would be so slow-moving and predictable that it would be no more a threat than any other form of DoS attack.

      IMHO, there are plenty of susceptible computers out there.

      Most internet servers, both large and small are on static IPs, and only subject to occasional human monitoring. (That is occasional, relative to this worm's speed of propagation, which is estimated to be under a minute).

      I would include my home linux box in the category of susceptible computers. It is permanently connected (ADSL), on static IP, and I only use it every day or so. If it became infected with Curious Yellow, I would be unlikely to notice for 12 hours or so, (unless my ISP phoned me), and if the worm was stealthy enough not to monopolise any resource (CPU, disc, bandwidth etc), I might not notice for weeks until someone contacted me. Considering how infectious this hypothetical worm is, 12 hours would be enough to do huge damage.

      Ask yourself if the same would apply to any permanently connected computers in your control?

      As for "susceptible to infection". Curious Yellow would be designed to use some sort of zero day exploit, so we have no idea which computers are susceptible, and it would be complacent to assume that only Windows boxes are. My system runs Debian Stable, and I regularly apply the security patches, but that does not make it completely invulnerable.

      Don't be complacent. Treat the risk seriously.

    2. Re:Mmkay... Call me stupid, but.. by JustKidding · · Score: 4, Insightful

      You may have noticed that the net has a lot of servers, like webservers, DNS servers, proxies and such. Those are the kind of servers that are checked like, once a week if they don't malfunction, are online 24/7, have a static IP, lots of bandwidth, and so much traffic that a little extra will go by unnoticed. Besides that, the ability to quickly propagate code patches would make it nearly impossible to install security patches on a system that is already infected.

      There is little point in having the worms detect when to go into turbo mode, since such a command could be quickly relayed through the network. And of course there is a chance that some of the worms would switch to turbo mode prematurely, leading to early detection.

      I find the idea of the worm spidering for new hosts rather interesting; obviously, it's a nearly ideal way to find other webservers. Also, since any host on the web has a reference to a DNS server, it's very easy for any worm to find at least one of those. Once a DNS server is compromised, the worm has a fairly complete and realtime list of webservers, with very few bad addresses. This way, many hosts may be infected with very little host- and portscanning.

      If such a superworm would ever get out in the wild, it may be very hard or nearly impossible to stop it.

  5. Re:Biological counterpart? by indecision · · Score: 4, Insightful

    There's a (biological) virus to which humans are either immune, or not - just like any other virus.
    The people who catch it, however, are turned into attack zombies primed to attack specifically the immune humans.

    Many novels based on vampires or zombies have this idea.

    I Am Legend by Richard Matheson is a personal favourite.

    Enjoy
    indecision

  6. Re:This is a repeat ... by Naikrovek · · Score: 3, Insightful

    Agreed. This isn't a homegrown site anymore, they're paid for this.

    Surely they can take the time to write a cross-checker to see if any of the links in the submissions have been used in any previous stories, after redirects.

    Surely it can't be that hard...

  7. Re:This is a repeat ... by Anonymous Coward · · Score: 1, Insightful

    You're right, that would be a good addition to Slashcode, but the "editors" should read the site in the first place.

    I briefly browse Slashdot every day; not religiously, but skim through, and even I can spot these dupes just through memory. If someone employed here can't remember that, it's abysmal.

    I guess the point is, that's why these guys don't have professional journalism jobs. I'm not sure why they're called "editors" (seeing as they don't correct any spelling errors). Maybe "story selectors" would be more appropriate, and a system where readers moderate-up stories. Of course, this would make the editors' jobs redundant, but they don't do anything of worth at the moment.

    In short, I like Slashdot -- the comments and the stories. But they're grossly unprofessional and would have trouble finding work in real writing circles.

  8. Re:This is a repeat ... by TheTomcat · · Score: 3, Insightful

    I find it ironic that there are at least SIX virtually identical (repetitive), upmodded comments about this being a repeat story.

    Sad.

    S

  9. It's not the article that bothers me... by Anonymous Coward · · Score: 1, Insightful

    What bothers me is the ideas sparked by reading the article. In an ideal world information should be free, but in reading this I envisioned several things not mentioned in the article. Thoughts are dangerous in the wrong hands.

    There are Cyber task forces so secret no one knows about them. Governments could very well be working on something like this for cyber weapon purposes.

    The ideas represented are enough to keep a smart person up nights. There are those who could make this happen quite easily. These same people have morals and wouldn't do it. But what if those same people worked for a government and were tasked to actually do it? Or worse were radical extremists?

    Not so far fetched when you look at the creation of weapons of mass destruction. Biological, Nuclear, etc. Someone thought this stuff up and some government tasked them with making it happen!

    The point of the article was technology. However, the possibilities of using said technology are unlimited.

    There are those covert experts who don't blab about exploits. These people keep a secret and use it to their advantage when they need it. They don't go willy nilly and release a virus to expose the faults. They use these faults in a focused manner.

    Just how many of these covert experts are working for governments right now? Under blackbag operations where the money is virtually unlimited.

    Yeah I may sound like a conspiracy nut but a whole lot goes on in this world that the average person is totally unaware of. There are games of life and death being played out every day. Do we live in the dark and believe in our fantasies of security? Or do we open our eyes and ears and understand that there are stories beneath the news stories? Pick up a newspaper and read a major headline story but know in the back of your mind that it's not entirely true.

    Look at the ridiculous propaganda that Iraq publishes! Look at the Moscow Theater and the gassing of innocent hostages by the Russian government. Look at the assassination of the American diplomat in Jordan. Come on who believes that wasn't a hit? Who believes that he wasn't working for someone other than a US-AID organization? Look at the Iran Contra fiasco. Look at the super secret stealth planes that were developed over 10 years ago and only recently announced to the public.

    Every day, hour, and minute our governments wage a secret war against all other governments and terrorist organizations. I personally have a great deal of respect for those that pursue this profession as they are doing their best to protect us and our way of life.

    Knowledge is power. Thoughts can move mountains. Beliefs can be dangerous. Responsibility over dangerous thoughts is important. Hatred and fear is infectious.

    I am actually surprised we haven't become extinct yet. The fate of the world is in the hands of very few people. Fortunately, they have managed to keep us from self destructing. Let's pray that we don't keep going down these dangerous roads.

    It would not take much to end it all. A simple human mistake would be all it would take. America was two hours away from total worldwide nuclear destruction over the Cuba missile crisis. It was a different world back then, but it's even more dangerous now than it was then.

    Security is a complete illusion. Nothing more than a warm touchie feely comfort. Think those armed guards in the airports were there for anything other than making you feel safe? Remember the nut who waltzed right up to the Israeli ticket counter and blew a few people away? He was outside the security checkpoint. Try telling those that died that they were safe and secure.

    What about the sniper? That could happen anywhere, anytime. If it had been a coordinated effort by those trained to do so; it would have been much much worse.

    All this while idiotic protestors parade around against a war with Iraq. Iraq is a very dangerous country. The US government is not willing to tell anyone what it knows about Iraq. It cannot reveal certain information for security purposes. It might reveal more than it can afford to reveal. The government has released secret information to the senate, hence the decision giving the President authority to strike Iraq. This was fought long and hard by the Democrats then all of a sudden they side with the President. I suspect they have confirmed terrorist ties. I suspect they already have nuclear weapons. I believe they would actually use them.

    Anyone who thinks Iraq can be safely left to its own devices is seriously not thinking about reality.