Worms Going Further, Faster
Major Byte writes "Rob Kolstad's MOTD (pdf) column in Usenix ;login: passes along a few distilled factoids from a CAIDA analysis of the 'Sapphire/Slammer' Worm. When it was at full blast it was scanning over 3 billion systems per hour--a speed that 'a "better" vulnerability would have enabled infection of the entire internet in 15 minutes, a "flash worm" or a "Warhol Worm."' I think 'better' to mean 'able to infect across a lot of platforms.'"
A good set of vulnerabilities across multiple hardware configurations and OSes is a great start. An interesting idea would be to sync the worms up based upon a reading from a certain timezone on time.gov. Make them start scanning all IPs for vulnerable, uninfected machines at the same time. So not only do you get the chance to infect, but you DDoS. Fun stuff. Also, you could make it infect unprotected routers and give the virus 'priority' in transmissions, etc, etc.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Maybe the "delinquents" are actually pretty damn smart. Smart enough to not get caught because they take proper security precautions. Like others have said, this worm was a pretty smooth little hack. All over UDP and in a single packet. Anyway, at least when a worm like this comes along people start paying attention to actually fixing the problem. If no one exploited the vulnerability then folks like MS might never get around to fixing it. When something like this is front-page news and on CNN, normal folks sit up and take notice. Maybe enough notice to try and make their systems more secure, or perhaps switch to a more secure program/OS. Not that I like viruses and worms, quite the opposite is true. I remember when my ISP got a worm, (Code Red I think), and infected me. The incident certainly made me more security conscious, and I now have a new ISP that I hope has more of a clue than my old one.
Anti-social? My code is just platform-specific.
Not to nitpick, but the SQL Slammer worm appeared to be written in assembly. It is quite interesting to read through the source.
While the PRNG isn't of the highest quality, its brevity is what allowed it to spread so quickly. An infected system was sending out packets as fast as the outbound pipe could handle it. A smaller virus, even by a few bytes, would mean that much faster of an infection rate.
By and large, you're right about VBScript making for simple virii, but this isn't the one to use as an example.
-- There is no patch for human carelessness.
The user isn't always to blame. What about the software developers who don't take even minimal efforts to protect their scripting systems?
Yes, there will always be someone who will open attachments no matter how often you tell them not to.
But perhaps the root issue isn't the fellow who can't stop clicking on Fireworks.exe files but the OS and application developers who enable and then don't patch systems that allow those users to be so easily exploited.
There was a lot of speculation in the security community that this is effectively what the "Slammer" worm was -- a non-malicious worm that forced everyone to patch their software. Remember that although this worm could have executed any code it wanted on all of those hosts, it had no malicious payload. All it did was propagate itself. The DoS effect was just a result of the massive increase in network traffic from its propagation. It could have been way, way worse.
--
http://oss.netmojo.ca
Hey, when is someone going to be nice enough to the world to make a purty li'l worm that actually shuts off all the security features that are exploited in Outlook...
I am sure there are plenty of reasons not to do this, but if you asked the person politely like.
"Hello, this is your friendly internet virus fighter coming to say hello and give you a hand! Would you like to turn off the features now that allowed me to hack into your computer?
| Yes | No |"
*click*
"Thank you and have a nice day! If I come back again that means a new hole/exploit was found in Outlook and I can give you another helping hand!"