Slashdot Mirror

← Back to Stories (view on slashdot.org)

What Does a Spreading Worm Look Like?

Posted by CmdrTaco on from the can-i-disenchant-it-for-reagents dept.

quibbs0 writes "When a new worm spreads around the world, people want to know if they are protected. How fast is it? How does it spread? A new simulation program developed by Symantec Research Labs not only has the answers, it also provides pictures."

11 of 233 comments (clear)

  1. Re:Darn Linux by ZephyrXero · · Score: 2, Informative

    You can run virii with Wine ;)

    --
    "A truly wise man realizes he knows nothing."
  2. Torren by spadadot · · Score: 2, Informative

    Ok, it's not that useful this time, but I'm doing this to learn :)

    http://dload.digitalriviera.com/SRL_Worm_Simulator .msi.torrent

  3. Interesting article in IEEE spectrum by karvind · · Score: 5, Informative

    On similar theme, current issue of IEEE Spectrum has article on How to Hook Worms

  4. CAIDA did this for earlier worms... by m0rningstar · · Score: 4, Informative

    ... and in a WWW based format, as opposed to the executable from an AV company. I think it was two of their researchers -- Colleen Shannon and David Moore. The animation for Code Red is here .

  5. end to end linkage by Anonymous Coward · · Score: 3, Informative

    One of the reasons that worms spread exclusively on Windows is because you need end to end linkage. A simplified model is if I wanted to send a message to Kevin Bacon, I'd talk to friend A who knows an actor, who talks to Friend B, then friend C, who then talks to Kevin. If I tell someone who doesn't speak the language, the linkage is broken and my original message can no longer propogate.

    In other words, a computer can only infect other computers through being infected itself (unless if the system is just serving files). Worms can't move through unsupported systems. Once it hits OS X or Linux system, it can't move anywhere. Windows is the only OS with critical mass high enough to achieve this. Symbian for mobile devices. This is why you won't see any Windows CE worms unless if it gains in terms of marketshare.

  6. Re:msi by HaydnH · · Score: 2, Informative

    Sure: http://www.jeanhaines.com/tmp/wormSim.html

    *watches website get /.'ed!*

    Haydn.

    --
    Time is an illusion. Lunchtime doubly so. - Douglas Adams
  7. Screenshot by HaydnH · · Score: 2, Informative

    Someone above requested a screenshot, I've replied above but for those that missed the reply and can't run .msi files, here's a screenie:

    http://www.jeanhaines.com/tmp/wormSim.html

    Haydn.

    p.s: thank god I'm at work so I can open .msi files!

    --
    Time is an illusion. Lunchtime doubly so. - Douglas Adams
  8. the funny thing so far by oliderid · · Score: 2, Informative

    The funny thing so far i've seen concerning worm and viruses is the Windows media center. I was looking at a new flat TV screen in an electronic shop. They were promoting the Microsoft media center. The funny thing was a little popup window at the right of the taskbar. "Windows did not find any anti-virus software on this computer." or something like. Lol...Thanks but I prefer my good old Television. Olivier

  9. Man, this sounds familiar.. by jcr · · Score: 3, Informative

    As it happens, a friend of mine, (former boss) happens to be doing something very much along these lines.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  10. Other visualization tools by Anonymous Coward · · Score: 1, Informative

    If people are interested in another take on worm propagation monitoring and containment, have a look at http://www.intrinsicsecurity.com/.

    Disclaimer: I did some work with the folks there in past, and they are pretty sharp.

  11. Re:Mac Worms by allgood2 · · Score: 2, Informative

    First Netsky DOES NOT effect Mac OS. It can be received via email like numerous other PC viruses, but doesn't execute or cause any damage on a Mac OS X machine.

    Second, Opener/Renepo IS NOT a virus or a worm. It doesn't spread and can not self-replicate. Opener/Renepo can cause damage to a Mac OS X system, but only if the user running it has permission to run it, and grants the app permission to run and perform the damage. It can't traverse the network, spread to others machines, or run without explicit permission of the user. In that sense it's pretty much the equivalent of a user deleting their own files or running a trojan application locally.

    Obviously, if your going to write this, you could have at least spent 5 minutes getting information from any reputable anti-virus site. Symantec, Sophos, and a host of other sites, will give you the details of what OSs the virus run on,threat level, etc.