What Does a Spreading Worm Look Like?
quibbs0 writes "When a new worm spreads around the world, people want to know if they are protected. How fast is it? How does it spread? A new simulation program developed by Symantec Research Labs not only has the answers, it also provides pictures."
Certainly doesn't help that it's on the "enterprisesecurity" subdomain either...
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
I've already seen how a worm spreads. Especially one that initially grows exponentially with a time constant of 8.5 seconds. Yes, 8.5 seconds.
Slammer
Pay attention to the time and infected hosts data at the bottom.
IWARS.
People, in general, disappoint me. Politicians even more so.
I was wondering if anyone has figured out how to write new simulations for it. This would be more interesting and useful if you could write your own simulations with your own parameters to test how the networks you are on would compare. I tried editing the simulations that are provided but all that is affected is the speed at which the percentages change.
It seems like they fail to take a number of things into account with the sim. For one, when I ran the Sasser simulation, it followed a pretty straightforward and accurate progression. Things went slowly at first, and then picked up speed as time progressed.
But within 20 days, there were no infected nodes, anywhere; as someone who works in a penetration testing lab without a firewall, I really have to say that this is not real. And within 52 days, 100% of the world was patched. What? It was more than 95% within 30 days too, and I don't believe that either. There's no accounting for new systems coming out of the box (and onto the net) without patches, and no representation for the fact that there will never, ever be 100% coverage for any patch.
That said, it is a pretty interesting tool to see how things spread, both globally and within an organization. You just have to keep in mind that it doesn't tell the whole story.
For your security, this post has been encrypted with ROT-13, twice.
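As an added illustration (not the Symantec simulator from the story, and not any poster's code), here is a small susceptible/infected/patched model: the early phase grows as I0 * exp(t / tau), with tau = 8.5 s as quoted for Slammer above, and the patching side includes the two effects the post above says the Sasser run ignores, hosts that come online unpatched and a share of hosts that are never patched. All parameter values are constructed.

```python
import math

def doubling_time(tau):
    """Doubling time of an infection growing as I(t) = I0 * exp(t / tau)."""
    return tau * math.log(2)

def simulate(n_hosts, i0, tau, patch_rate=0.0, arrival_rate=0.0,
             never_patch=0.0, dt=0.1, steps=100):
    """Euler-step a susceptible / infected / patched (S, I, P) population.

    tau          -- time constant of the early exponential phase (unit of dt)
    patch_rate   -- share of unpatched hosts (S and I) patched per unit time
    arrival_rate -- new unpatched hosts joining S per unit time
    never_patch  -- share of hosts that are never patched: the unpatched
                    population S + I is never driven below this floor
    Returns [(t, S, I, P), ...], one entry per step, starting at t = 0.
    All parameters are constructed for illustration.
    """
    s, i, p = float(n_hosts - i0), float(i0), 0.0
    history = [(0.0, s, i, p)]
    for step in range(1, steps + 1):
        total = s + i + p
        # Random-scanning worm: infected hosts find susceptibles at rate
        # (I / tau) * (S / N); pure exponential growth while S is close to N.
        new_inf = min(s, (i / tau) * (s / total) * dt)
        s, i = s - new_inf, i + new_inf
        # Patching removes unpatched hosts (cleaning infected ones too) but
        # stops at the floor of hosts that will never see the patch.
        unpatched = s + i
        patched = min(patch_rate * dt * unpatched,
                      max(0.0, unpatched - never_patch * total))
        if unpatched > 0:
            s -= patched * s / unpatched
            i -= patched * i / unpatched
            p += patched
        # Out-of-the-box hosts arrive unpatched and susceptible.
        s += arrival_rate * dt
        history.append((step * dt, s, i, p))
    return history

def time_to_fraction(history, frac):
    """First time at which the infected share of all hosts reaches frac."""
    for t, s, i, p in history:
        if i / (s + i + p) >= frac:
            return t
    return None
```

With never_patch or arrival_rate above zero the infected count settles at a positive level instead of dropping to zero, which is the behaviour the post above missed in the Sasser run.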
/. discussed the Witty worm back in 2004. This analysis used the UCSD Network Telescope IP block (containing 1/256 of IPv4 space) to sample the randomly spewed packets created by the worm. They were able to analyze quite a few interesting features, including the fact that the worm was jump-started by an infection of about 110 PCs at the outset, 24-hour cycles in infected/reinfected machines, and data on the distribution of bit-rates of worm transmitters.
Two wrongs don't make a right, but three lefts do.