Slashdot Mirror

← Back to Stories (view on slashdot.org)

What Does a Spreading Worm Look Like?

Posted by CmdrTaco on from the can-i-disenchant-it-for-reagents dept.

quibbs0 writes "When a new worm spreads around the world, people want to know if they are protected. How fast is it? How does it spread? A new simulation program developed by Symantec Research Labs not only has the answers, it also provides pictures."

11 of 233 comments (clear)

  1. Re:launching a windows executable from a link by justforaday · · Score: 4, Interesting

    Certainly doesn't help that it's on the "enterprisesecurity" subdomain either...

    --
    I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
  2. real plot? by moz25 · · Score: 2, Interesting

    Interesting, but I would be slightly more interested in a real-time actual plot. Do they have that available as well?

    --
    see a Text Widget
  3. Slammer/Sapphire by carambola5 · · Score: 5, Interesting

    I've already see how a worm spreads. Especially one that initially grows exponentially with a time constant of 8.5 seconds. Yes, 8.5 seconds.

    Slammer

    Pay attention to the time and infected hosts data at the bottom.

    --
    IWARS.
    People, in general, disappoint me. Politicians even more so.
  4. Anyone figure out? by doombob · · Score: 4, Interesting

    I was wondering if anyone has figured out how to write new simulations for it. This would be more interesting and useful if you could write your own simulations with your own paramaters to test how the networks you are on would compare. I tried editing the simulations that are provided but all that is affected is the speed at which the percentages change.

  5. Brek Girl Simulation by buckhead_buddy · · Score: 2, Interesting

    I like that 1970's American television ad with the cute girl who visually demonstrates exponential growth while trying to advertise something like Brek shampoo.

    "I [infected] two friends.
    And they [infected] two friends.
    And so on.
    And so on.
    And so on."

    Withe the screen splitting at each phrase and winding up with 32 versions of the cute girl, it's much more visually entertaining than this demo.

  6. Missing some factors by Shoten · · Score: 4, Interesting

    It seems like they fail to take a number of things into account with the sim. For one, when I ran the Sasser simulation, it followed a pretty straightforward and accurate progression. Things went slowly at first, and then picket up speed as time progressed.

    But within 20 days, there were no infected nodes, anywhere; as someone who works in a penetration testing lab without a firewall, I really have to say that this is not real. And within 52 days, 100% of the world was patched. What? It was more than 95% within 30 days too, and I don't believe that either. There's no accounting for new systems coming out of the box (and onto the net) without patches, and no representation for the fact that there will never, ever be 100% coverage for any patch.

    That said, it is a pretty interesting tool to see how things spread, both globally and within an organization. You just have to keep in mind that it doesn't tell the whole story.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  7. Real data: Analysis of the Witty worm by G4from128k · · Score: 3, Interesting

    /. discussed the Witty worm back in 2004. This analysis used UCSD Network Telescope IP block (containing 1/256 of IPv4 space) to sample the randomly spewed packets created by the worm. They were able to analyze quite a few interesting features, including the fact that the worm was jump-started by an infection of about 110 PCs at the outset, 24-hour cycles in infected/reinfected machines, and data on the distribution of bit-rates of worm transmitters.

    --
    Two wrongs don't make a right, but three lefts do.
  8. Speaking of spreading worms... by Anonymous Coward · · Score: 2, Interesting
    How timely this article!

    Today an internal customer asked me why Slashdot seemed to be broken. I check the firewall logs and, lo and behold, discover 66.35.250.150 triggered the firewall's IDS for tweaking port 2000/TCP.

    Why was /. poking at that port on my firewall, particularly considering what's usually there?

  9. Are you protected by Turn-X+Alphonse · · Score: 2, Interesting

    Are you protected in 2 answers

    Do you understand computers and how to run one securely? Yes/No if Yes continue, if no then you arn't.
    Is a patch finished and installed? If yes then you're fine. If no then you arn't protected.

    Obviously opening strange program files comes under number 1, but they may make it three points if you wish.

    --
    I like muppets.
  10. Re:What a spreading worm *really* looks like. by pdbogen · · Score: 2, Interesting

    Am I the only one reminded of Alpha Centauri by that picture?

  11. Unbiased? by Shook18 · · Score: 2, Interesting

    There is honestly no way that this "research" by a anti-virus company could be even remotely unbiased; they are going to exaggerate the hell out of this to make normal internet worms look like ebola.

    --
    The Tech Terminal