Slashdot Mirror
What Does a Spreading Worm Look Like?
quibbs0 writes "When a new worm spreads around the world, people want to know if they are protected. How fast is it? How does it spread? A new simulation program developed by Symantec Research Labs not only has the answers, it also provides pictures."
What Does a Spreading Worm Look Like?
This is what a spreading worm looks like.
^_^
____
~ |rip/\/\aster /\/\onkey
GNAA RESEARCH UNVEILS STARTLING DISCOVERY
Gay Nigger Research Laboratories, Kristiansand, Norway - Today, on Adolf Hitler's birthday, the top secret Gay Nigger Research Laboratories have announced a startling discovery that will shake the world.
A video recording was recovered from an abandoned Nazi bunker on the outskirts of Kristiansand (now home to the GNRL), depicting Nazi party leaders Heinrich Himmler, Hermann Göring and Adolf Hitler. Something was truly remarkable about this video however; on it, Adolf Hilter is clearly a man of African descent. After the discovery, the GNAA funded a thorough investigation. Two more videos were recovered, along with many photographs, which back up the original findings that Hitler was a nigger. Also, analysis of previously published video footage of the Führer was shown to be clearly tampered with. How anyone failed to notice this before now is beyond our comprehension. No-one else than a trained Jew and his companions could have managed to trick the world for sixty years with these simple lies.
But now the GNAA has come to the rescue.
We have revealed the Zionist lies about Führer und Reichskanzler Adolf Hitler, the lies that make him so hated. Hitler was not a white supremacist or a tyrant. He was a nigger, fighting for the freedom of all people, all races, and all religions (Jews are considered to be neither human or a legitimate religion.) The world should be thankful for the top secret gay nigger research that has been conducted to reveal this and we encourage everyone, everywhere, to Heil Hitler on his birthday.
In light of this discovery, several Jew agents were discovered rooted deep within the GNAA hierarchy. These filthy spies, apparently working from a secret location in London, England, have attempted to make the GNAA a harsh place to stay. They have randomly attacked GNAA members using cowardly tactics in an attempt to stop this important research being published. We will not be swayed however. We will be strong and united. Together we can fight international judaism and end the oppression of gay niggers everywhere.
About Adolf Hitler
Born on April 20th, 1889, Adolf Hitler was the leader of the National Army of Zionist Incarceration, who's primary objective was to imprison and eliminate as many Jews as possible. His Nazi movement gained prominance all over Europe, and he succeeded in eliminating millions of Jew parasites from the face of the planet. Unfortunately, he could not get the smell of cindered Jew flesh out of his hair, and took his own life in disgust on April 30th, 1945.
About Jews
Jews are a pungent smelling form of rat, which through evolution over many years have obtained the ability to speak. These disgusting creatures now wander around our great societies, stealing and lying as much as they can. London, England is widely known by its' nickname "The International Capital of Zionism", due to the large concentration of Jews found there. Notably, well known Jew Winston Churchill had his base of operations in London during World War II, and he spearheaded the Jewish offensive against the Nazi movement. (A quick geneanalysis suggests dcom may be related to Winston Churchill, but this may be the result of inbreeding with Londoners, who are predominantly of Jewish heritage.)
About GNAA:
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.
Are you GAY ?
Are you a NIGGER ?
Are you a GAY NIGGER ?
If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what y
...do you mean like this?
"A truly wise man realizes he knows nothing."
That is exactly what it looks like, a windows executable installer launched off of a web page with unknow origin.
Got Code?
Linking directly to an MSI file in a slashdot story.
Rocket science is easy. Neurosurgery, now *that's* difficult.
"So, what does a worm look like when it spreads? Install this program to find out!"
and ALT-F4 will activate "ultra mode"
-- 'The' Lord and Master Bitman On High, Master Of All
well, you had to ask
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
It's good to see the worm simulator is only slightly less platform independant than your average worm.
Perhaps Symantec figure the only ones who would want to look at a spreading worm are those most affected by it??
Don't Download It!
IT'S A VIRUS!!! ahhh watchout!
What Does a Spreading Worm Look Like?
John Ashcroft pinned to the hood of a police cruiser?
It won't even run the Microsoft Worm simulators. I'm missing out on all the fun with worms and viruses (virii).
Interesting, but I would be slightly more interested in a real-time actual plot. Do they have that available as well?
see a Text Widget
And it's a .msi file, hence Windows only.
How appropriate.
Il n'y a pas de Planet B.
You mean one that's been stepped on? It looks something like this.
Hey, at least I'm not trying to launch an executable on you.
You have enemies? Good. That means you've stood up for something, sometime in your life. --Winston Churchill
screenshots, anyone?
I can't believe Slashdot wants us to learn how a virus spreads by encouraging us to download an MSI executable off the home page!
That would be like me going to the doctor and having him ask me if I know how HIV is spread and then asking me to take my pants off.
It was just some dork opening various joke emails from his dorky friends.
I'm a big tall mofo.
everyone gets patched... it is boring.
Ok, it's not that useful this time, but I'm doing this to learn :)
r .msi.torrent
http://dload.digitalriviera.com/SRL_Worm_Simulato
On similar theme, current issue of IEEE Spectrum has article on How to Hook Worms
Is it just me or do others see some issues with the people who provide the cure also providing the pictures documenting the severity of the infection? Symantec, for one, has already been slammed for sounding the alarms and hyping the dangers in order to elevate the demand for their product. Now I'm to trust their software that shows dramatic footage!! of these insidious worms assaulting the world as we know it.
Next you'll probably want me to go ask the Bush camp if we should invade Iran or the Democrats if we should repeal the two term law and re-elect Clinton again. On my way I'll stop by the car dealership and see if my current car is okay or if I should get a new one just to be safe.
You must be the change you wish to see in the world - Ghandi
I guess it's a nifty little cute program in a non-technical sense. But I see nothing more here than a program that (at least seemingly) arbitrarily places a red dot on a spinning globe biased to developed nations along a timeline where you can load up various "different worms" which frankly all look the same. I would say this is one step up from a clunky/dorky flash. It would have been nice if it was at all a little bit more technical.
I've been reading (and occasionally posting) to Slashdot for years.
.MSI file has convinced me that you are now just a bunch of clueless morons.
However this farcical link to a
Goodbye.
Agent USA was the original virus simulator. It was a game for the Atari 800 in 1985.
"He's lost in a 'floyd hole"
Running OS X 10.3.9, I get:
1. "No default application specified for SRL_Worm_Simulator.msi"
2. "Cannot play back the file. File format is invalid"
[Is SRI hinting at something???]
--- Attorneys Assisting Citizen-Soldiers & Families -
I've already see how a worm spreads. Especially one that initially grows exponentially with a time constant of 8.5 seconds. Yes, 8.5 seconds.
Slammer
Pay attention to the time and infected hosts data at the bottom.
IWARS.
People, in general, disappoint me. Politicians even more so.
... and in a WWW based format, as opposed to the executable from an AV company. I think it was two of their researchers -- Colleen Shannon and David Moore. The animation for Code Red is here .
Comment removed based on user account deletion
One of the reasons that worms spread exclusively on Windows is because you need end to end linkage. A simplified model is if I wanted to send a message to Kevin Bacon, I'd talk to friend A who knows an actor, who talks to Friend B, then friend C, who then talks to Kevin. If I tell someone who doesn't speak the language, the linkage is broken and my original message can no longer propogate.
In other words, a computer can only infect other computers through being infected itself (unless if the system is just serving files). Worms can't move through unsupported systems. Once it hits OS X or Linux system, it can't move anywhere. Windows is the only OS with critical mass high enough to achieve this. Symbian for mobile devices. This is why you won't see any Windows CE worms unless if it gains in terms of marketshare.
I was wondering if anyone has figured out how to write new simulations for it. This would be more interesting and useful if you could write your own simulations with your own paramaters to test how the networks you are on would compare. I tried editing the simulations that are provided but all that is affected is the speed at which the percentages change.
Couldnt view that as my firewall stopped it.
Symantec has issued yet another warning that the world will end as soon as all the worms and viruses unite against true carbon-based life forms. Symantec CEO John W. Thompson was quoted as saying, "If people would have heeded all our warnings about the coming war between reality and virtual reality we would not be headed for certain doom." At that point he started crying as his company's stock soared to record highs.
Up next, Symantec issues a warning to the Mac/UNIX community saying that their computers are too safe from Windows-based viruses. "We can no longer support operating systems that flaunt their security in face of corporate IT managers everywhere when millions of starving children are dying of malnutrition."
The Weekly World News news service will be right back after this message from our sponsor, Symantec. Ensuring your fear, uncertainty and doubt since 1982.
Some genius haxx0r is toying around in the lab, writing a simulated virus. There's no way it can get out to the wild, of course. The thing's just for study.
Then he spills his coffee and within a few hours everyone gets to study it.
This one just spreads through blogs. Want to see a neat virus demo? Click here!
sigs, as if you care.
Since many think they write most of them anyway.
Spectators cheered as entire Cambodian Midget Fighting League squared off against African Lion Tickets had been sold-out three weeks before the much anticipated fight, which took place in the city of Kâmpóng Chhnãng. The fight was slated when an angry fan contested Yang Sihamoni, President of the CMFL, claiming that one lion could defeat his entire league of 42 fighters. Sihamoni takes great pride in the league he helped create, as was conveyed in his recent advertising campaign for the CMFL that stated his midgets will "... take on anything; man, beast, or machine." This campaign is believed to be what sparked the undisclosed fan to challenge the entire league to fight a lion; a challenge that Sihamoni readily accepted. An African Lion (Panthera Leo) was shipped to centrally located Kâmpóng Chhnãng especially for the event, which took place last Saturday, April 30, 2005 in the city's coliseum. The Cambodian Government allowed the fight to take place, under the condition that they receive a 50% commission on each ticket sold, and that no cameras would be allowed in the arena. The fight was called in only 12 minutes, after which 28 fighters were declared dead, while the other 14 suffered severe injuries including broken bones and lost limbs, rendering them unable to fight back. Sihamoni was quoted before the fight stating that he felt since his fighters out-numbered the lion 42 to 1, that they "... could out-wit and out-muscle [it]." Unfortunately, he was wrong.
I like that 1970's American television ad with the cute girl who visually demonstrates exponential growth while trying to advertise something like Brek shampoo.
"I [infected] two friends.
And they [infected] two friends.
And so on.
And so on.
And so on."
Withe the screen splitting at each phrase and winding up with 32 versions of the cute girl, it's much more visually entertaining than this demo.
Tell me Symantec hasn't trademarked a shade of yellow.
The Worm Simulator will be rolled out initially to members of the Symantec Sales organization for demonstrations to enterprise customers. In addition, the Worm Simulator could become a future television star during news coverage of worm outbreaks, enabling viewers to watch a virus as it spreads. Symantec Security Response intends to use the simulator for TV appearances as well.
Translation:
We invented a new, computer-assisted sales pitcher. It could also be used as a FUD spreader on TV.
Just
... is this the reason why they always hype up outbreaks?? Things are starting to make sense now ...
It seems like they fail to take a number of things into account with the sim. For one, when I ran the Sasser simulation, it followed a pretty straightforward and accurate progression. Things went slowly at first, and then picket up speed as time progressed.
But within 20 days, there were no infected nodes, anywhere; as someone who works in a penetration testing lab without a firewall, I really have to say that this is not real. And within 52 days, 100% of the world was patched. What? It was more than 95% within 30 days too, and I don't believe that either. There's no accounting for new systems coming out of the box (and onto the net) without patches, and no representation for the fact that there will never, ever be 100% coverage for any patch.
That said, it is a pretty interesting tool to see how things spread, both globally and within an organization. You just have to keep in mind that it doesn't tell the whole story.
For your security, this post has been encrypted with ROT-13, twice.
Not only is an animated GIF not a virus, but it's not some scare tactic windows program by an anti-virus company.
To keep this from being a pointless "mod up" post,
The full article is http://www.caida.org/analysis/security/sapphire/
/. discussed the Witty worm back in 2004. This analysis used UCSD Network Telescope IP block (containing 1/256 of IPv4 space) to sample the randomly spewed packets created by the worm. They were able to analyze quite a few interesting features, including the fact that the worm was jump-started by an infection of about 110 PCs at the outset, 24-hour cycles in infected/reinfected machines, and data on the distribution of bit-rates of worm transmitters.
Two wrongs don't make a right, but three lefts do.
Today an internal customer asked me why Slashdot seemed to be broken. I check the firewall logs and, lo and behold, discover 66.35.250.150 triggered the firewall's IDS for tweaking port 2000/TCP.
Why was /. poking at that port on my firewall, particularly
considering
what's usually there?
Are you protected in 2 answers
Do you understand computers and how to run one securely? Yes/No if Yes continue, if no then you arn't.
Is a patch finished and installed? If yes then you're fine. If no then you arn't protected.
Obviously opening strange program files comes under number 1, but they may make it three points if you wish.
I like muppets.
If it's gonna be a marketing pitch, they should at least make it PowerPoint so the people that try to get money to buy the solutions can make it management friendly... A few slides, some small buzzwords and presto! People get funding! Makes me crazy...Crazier. Whatever.
"It is a miracle that curiosity survives formal education." -Albert Einstein
And like most worms it's only available on Windows.
A linux binary that could chmod +x itself, and then execute? Preferently as root, so it can open a port in the iptables firewall? :-) Yeah, I didn't think so either.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
With THOUSANDS of open platform, AND PISS COCKTAIL. Do, and with any po4ulation as weel 7000 users of
Don;t open the link, it will wipe your hard drive and steal all your passwords, empty your bank account and blow up your monitor and printer...
Seriously, this is exactly how this shit spreads - get someone to download something "cool" - one reason why I never get crack patches from the warez sites...
And the people shall be oppressed, every one by another, and every one by his neighbour Isaiah 3:5
What does a spreading Worm Simulator look like?
Thanks to the Slashdot effect, I think we're gonna find out.
-S
Sound of a worm going through MS security after you click on an MSI installer.
One line blog. I hear that they're called Twitters now.
The Goatse.cx guy was called worm?
I wish I was not. That would explain why 30% of all email is Sober at the moment. As it is now, booze is not to blame.
Sober, installs itself by tricking naive people in opening the Trojan disguised as
Sorta like the MSI link in this article....
I wonder, will I get drunk when opening it on my Windows 2003 Terminal Server?
If so, I might be inclined.
EFNet servers. Darren Reed, which THE TIME TO MEET FreeBSD is already is 8ired In an YOUR OWN BEER
well, try that one: http://www.darwinia.co.uk/ it's a game, ok. but there is a demo and if you ever wondered what is really happening when you start your fav antivir-O-mat, try it.
"The future is here. It's just not widely distributed yet." [William Gibson]
When Symantec software spreads like a worm from local distribution chains, ( BestBuy, Staples, FutureShop etc. ), demand for computer repair goes up.
Why?
Because their software breaks every machine it touches.
Worse, the computers they are installed on have not just one Virus, but many.
I tell my customers its like selling a condom with a hole in it.
You could have had so much more fun without the protection they weren't providing in the first place.
A false sense of security is worse than no security at all.
I for one welcome our new worm overlords!
Since it seems to be down, I've mirrored the simulation.
0 rm_S1mul470r.msi
http://thisurlissafenoreally.haxxxsukkar.cx/SRL_W
Someone above requested a screenshot, I've replied above but for those that missed the reply and can't run .msi files, here's a screenie:
.msi files!
http://www.jeanhaines.com/tmp/wormSim.html
Haydn.
p.s: thank god I'm at work so I can open
Time is an illusion. Lunchtime doubly so. - Douglas Adams
Could they have used a few more shades of grey? I mean, how are you ever supposed to use a visual tool if three of your indicators all look the same (white, light grey, dark grey in very small boxes).
"Windows is the only OS with critical mass high enough to achieve this. Symbian for mobile devices. This is why you won't see any Windows CE worms unless if it gains in terms of marketshare."
The Witty worm could only infect Windows machines running a specific version of specific firewall software. The vulnerable population was about 12000 machines worldwide. It infected virtually the entire vulnerable population in under an hour.
If/when there's a worm for MacOS X or Linux, there will be more than enough machines to spread it far and wide.
I rarely criticize things I don't care about.
I was hoping for the ability to tweak a worm's parameters (infection rate, pool of vulnerable hosts, etc) and see how the infection rate changes....no such luck i guess, this is more like an animated gif or something. Several of the worms do look alot the same but Slammer and Sobig do seem to be distinct.
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
I did some research on worms in school. Here's a report, and here's a presentation.
now we need a way to simulate skynet, pending its future release
The funny thing so far i've seen concerning worm and viruses is the Windows media center. I was looking at a new flat TV screen in an electronic shop. They were promoting the Microsoft media center. The funny thing was a little popup window at the right of the taskbar. "Windows did not find any anti-virus software on this computer." or something like. Lol...Thanks but I prefer my good old Television. Olivier
"Click this link, and you'll find out!"
Woa. I thought the article's title was "What Does a Spreading Woman Look Like?"
Good luck with that.
It looks like the entire continet of Africa is running Macs.
There is honestly no way that this "research" by a anti-virus company could be even remotely unbiased; they are going to exaggerate the hell out of this to make normal internet worms look like ebola.
The Tech Terminal
Am I the only one who read "What does a speeding worm look like?"
I run linux so I can't run the program. I would like to ask if the spread of a worm is similar to the spread of an epidemic and if the same technique (agent-based, cellular automata) is used to simulate both?
What real purpose does this simulation serve?
Have you ever had the sales FUD speel from a double-glazing/insurance/encyclopedia salesman?
Well this Symantec's FUD gimmick.
To the layman it looks pretty, it looks realistic. It's full of 'scary' statistics.
But how does this help me protect my network? How does it make me more secure?
Symantec are also being irresponsible by helping the worm/virus writing community chart the course of their creations. (This is documented behaviour).
One more thing...it'll be another 'claim to fame' trophy for worm/virus writers to have their creation appear in Symantec simulations.
Sorry, I have to cut this post short, but I must go to buy my security from Symantec _right_now_ before the world implodes.
goatse.cx?
http://xs4.xs.to/pics/04481/p556222.gif
It's CmdrTaco's worm tracker program. If this worm makes it to 500,000 of your friends in an hour then Taco will give everyone it reaches $100 and send us all to DisneyWorld!
Why, oh why, didn't I take the Blue Pill?
Mickeysoft doesn't distribute anything nowday's that isn't SP2.
You might find XP in some bargain bin somewhere though.
Thanks alot. C'mon...
JoloK
As it happens, a friend of mine, (former boss) happens to be doing something very much along these lines.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
From McAfee...
;)
--snip--
WARNING: SRL_Worm_Simulator.msi is infected with the W32/WormSimulator.B@mm virus!
ACTION: Clean/Delete threat.
It looks like you're attempting to run a competitor's program. Stop it, you insensitive clod.
--snip--
That was a weird virus warning I got when I downloaded that
I bet that the simulation shows companies with Symantec products are vastly better protected...
If people are interested in another take on worm propagation monitoring and containment, have a look at http://www.intrinsicsecurity.com/.
Disclaimer: I did some work with the folks there in past, and they are pretty sharp.
It would be interesting to use this tool to model spreads of other things, i.e. progress of a new brand or a new band. You could change the model files to be equivalent to the current spread of Firefox for example, then use it to predict future downloads. Anyone know how to change the files? They look quite simple, but I don't have any way of opening them apart form wordpad...
What Does a Spreading Worm Look Like? With pictures?
Sounds like worm pr0n to me...
Let's see. How does a spreading worm look? Perhaps it looks like users blindly downloading an EXECUTABLE program for Windows after essentially being told that "this is a safe download" becuase it is linked to from the front page a major website.
I'm not sure whether to laugh or cry at the humor or the irony.
If this thing is a virus that Norton has preprogrammed its antivirus product to ignore, I'll be laughing myself into an early grave...
i hate the globe part of the program. it's bad interface imo. all the fun stuff happens when i'm stuck on part of the ocean. should've made a pause button and rotate left/right for the globe.
HD Trailers
When you people get some real experience under your belt, you'll know that the MAC OS *can* indeed by hit by worms. Opener/renepo and Netsky come immediately to mind, but there are others.
Poor, poor naive Mac owners...
do exist. Netsky and Opener, for starters...
It really suprises me that Symantec would release a friggin MSI package and not digitally sign it. Without that there's no way to know if Symantec even made this.
After downloading, installing and running this does it popup a message in big red letters saying "THIS IS HOW A WORM SPREADS!"?
There used to be a live virus flash animation on their site where it would show you what countries worm emails was being picked up in. On the left hand side, they had a list of big worm outbreaks and would play through the outbreak and show infected regions. Very nice demo, but it looks like it's no longer - http://www.messagelabs.com/viruseye/threats/ now brings you to their home page.
Just some globe and a grid hardly shows how serious worms spread over the internet. Here you can see at least how Slashdot gets infested with worms: http://www.netdisaster.com/go.php?mode=worms&url=h ttp://www.slashdot.org
Calling it a 'worm' implies, through omission, that it affects other platforms. It goes without saying that worms and viruses are largely the domain of MS, however to generate useful discussion and or viable solutions, it does need to be pointed out explicitly, especially in the healines. Many people read only the headlines.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Xbill, anyone?