Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worms Going Further, Faster

Posted by timothy on from the thanks-for-your-attention dept.

Major Byte writes "Rob Kolstad's MOTD (pdf) column in Usenix login; passes along a few distilled factiods from a CAIDA analysis of the 'Sappire/Slammer' Worm. When it was at full blast it was scanning over 3 billion systems per hour--a speed that 'a "better" vulnerability would have enabled infection of the entire internet in 15 minutes, a "flash worm" or a "Warhol Worm."' I think 'better' to mean 'able to infect across a lot of platforms.'"

4 of 301 comments (clear)

  1. Anatomy of the Web application worm by Anonymous Coward · · Score: 4, Informative


    http://www.cgisecurity.com/articles/worms.shtml

  2. Re:But there aren't 3 billion systems. by cyb97 · · Score: 4, Informative

    The statistics does hold, the efficiency of the worm decreases because there simply aren't enough hosts on the internet (or in IPv4 for that sake) to keep the worm busy for several hours...
    If the worm spews out X packets over Y minutes, why would it change in the Y+n next minutes ?
    Think about it yourself, the worm doesn't suddenly stop and think "hey I've infected 3 bn. systems now, I better slow down", it keeps on going, but as only a fraction of the 4 bn available addresses in IPv4 are available and globally reachable it doesn't make sense to do an exhaustive test...

  3. Re:I'm still getting pestered by Code-Red. by randyest · · Score: 4, Informative

    If you're running Apache, and it looks like you are, you can avoid logging that crap (and minimize bandwidth and CPU waste) with this minor httpd.conf change. You can also block/ban email spiders (at least ones that report their agent name truthfully, which apparently is most of them) using the info at the same link.

    --
    everything in moderation
  4. Worm Analysis paper - "prior art" by versus · · Score: 4, Informative
    This paper appears in the Proceedings of the 11th USENIX Security Symposium (Security '02)

    How to 0wn the Internet in Your Spare Time

    Interesting topics: "Better" worms techniques

    • Localized scanning--Code Red II
    • Multi-vector worms--Nimda
    • Hit-list Scanning
    • Permutation Scanning
    • Simulation of a Warhol Worm

    "A combination of hit-list and permutation scanning can create what we term a Warhol worm, capable of attacking most vulnerable targets in well under an hour, possibly less than 15 minutes. "

    --
    Brain is my second favorite organ.