Slashdot Mirror


Curious Yellow, Superworm

jpmccord writes "Brandon Wiley's white paper, Curious Yellow, explains how "a superworm -- a worm that coordinates its actions among infected hosts and launches a massive distributed denial of service attack on any hosts it can't infect using those it can" (via disLEXia, a weblog by Maximillian Dornseif). The "doomsday scenario" frightens "even us", says Dornseif. An accompanying discussion rebukes Wiley's article a bit. Aaron Swartz's light-hearted take is rather entertaining: "So go read it now and find out how you can take over the whole Internet. And if you're going to, could you give me 24 hours notice?""

5 of 167 comments

  1. Doomsday scenario? by Mika_Lindman · · Score: 5, Insightful

    The "doomsday scenario" frightens "even us", says Dornseif.

    Doomsday? Hey guys, it's the internet! Who's gonna die if the internet shuts down? Come on now, it's not like the next ice age or nuclear war! 99% of the world's population won't give a shit if the internet shuts down for a few days. Who cares if a bunch of nerds freak out 'cause they can't read their emails?

    The main question is, are YOU so addicted to the net, that you would use the term "doomsday", if it shuts down?

    1. Re:Doomsday scenario? by Shalome · · Score: 5, Insightful

      You apparently have no idea what the actual scope of the internet covers. Corporate and military communications, banking transactions, medical information tracking, etc, etc. Yes, we could live without the internet, but reverting to the "old fashioned" pen-and-paper snailmail transportation of information, even for short periods of time, could cost billions of dollars -- not to mention levels of annoyance it would cause in day-to-day life.

      --
      Moderation totals that amuse me for one of my posts: Flamebait=1, Insightful=2, Funny=2, Overrated=1, Underrated=1
    2. Re:Doomsday scenario? by Zocalo · · Score: 5, Insightful

      Quite. There seem to be quite a few people out yelling about the "death of the Internet", much like people used to go around with sandwich boards with "The end of the world is nigh!" written on them. Perhaps they should take a few minutes and go read this rather excellent article at the Register and get a dose of reality. And after that, perhaps a re-reading of "Chicken Little" just to hammer the point home.

      --
      UNIX? They're not even circumcised! Savages!
  2. Mmkay... Call me stupid, but.. by Bowie J. Poag · · Score: 5, Insightful

    If you really think about it, the math behind such an event may not work out.... My guess is, there simply aren't enough hosts on the net that are simultaneously A) susceptible to infection B) sitting on static IPs, and C) unmonitored by human eyes. All three conditions must exist in order for the worm to propagate -- If any one of those factors is absent, that particular thread of the superworm is halted. It makes the scenario described in this article practically impossible. Sure, a superworm may exist, but it would be so slow-moving and predictable that it would be no more a threat than any other form of DoS attack.

    If you really want something abstract to think about, consider this: How is this "superworm" different than, say, a nonexistent website mentioned on a nationwide TV broadcast? Instead of malicious code generating the resulting network congestion, it's humans -- The net result is the same -- The effect will taper off as T increases. Nothing to really worry about, in other words.

    Yeah, I know. I'm sure someone's gonna come back and read this 10 years from now and want to slap me silly with a 10 lbs. trout, for my lack of forethought.. But seriously, I think these sort of stories are more along the lines of interesting fiction than they are real-world possibilities.

    Cheers,

    --
    Bowie J. Poag

    1. Re:Mmkay... Call me stupid, but.. by chrestomanci · · Score: 5, Insightful

      If you really think about it, the math behind such an event may not work out....My guess is, there simply aren't enough hosts on the net that are simultaneously A) susceptible to infection B) sitting on static IPs, and C) unmonitored by human eyes. All three conditions must exist in order for the worm to propagate -- If any one of those factors is absent, that particular thread of the superworm is halted. It makes the scenario described in this article practically impossible. Sure, a superworm may exist, but it would be so slow-moving and predictable that it would be no more a threat than any other form of DoS attack.

      IMHO, there are plenty of susceptible computers out there.

      Most internet servers, both large and small, are on static IPs, and only subject to occasional human monitoring. (That is occasional, relative to this worm's speed of propagation, which is estimated to be under a minute).

      I would include my home Linux box in the category of susceptible computers. It is permanently connected (ADSL), on static IP, and I only use it every day or so. If it became infected with Curious Yellow, I would be unlikely to notice for 12 hours or so, (unless my ISP phoned me), and if the worm was stealthy enough not to monopolise any resource (CPU, disc, bandwidth etc), I might not notice for weeks until someone contacted me. Considering how infectious this hypothetical worm is, 12 hours would be enough to do huge damage.

      Ask yourself if the same would apply to any permanently connected computers in your control?

      As for "susceptible to infection". Curious Yellow would be designed to use some sort of zero day exploit, so we have no idea which computers are susceptible, and it would be complacent to assume that only Windows boxes are. My system runs Debian Stable, and I regularly apply the security patches, but that does not make it completely invulnerable.

      Don't be complacent. Treat the risk seriously.