Feeds

Security researchers warn of worm blitzkriegs

cDc for Internet security plan

  • alert
  • submit to reddit

Security for virtualized datacentres

Security researchers are warning of the availability of more powerful virus writing techniques, which call for a more co-ordinated approach to combat next generation worms.

In a paper, How to 0wn the Internet in Your Spare Time, Stuart Staniford of Silicon Defense, Vern Paxson of the ICSI centre for internet research and Nicholas Weaver of University of California Berkeley, argue the ability of attackers to rapidly gain control of vast numbers of Internet hosts poses grave security risks. They suggest surreptitious worms, which spread more slowly but are much harder to detect, "could arguably subvert upwards of 10,000,000 Internet hosts".

On a different track they suggest worm writing techniques which could be used to create ultra-virulent worms capable of spreading so quickly that they outflank anti-virus defences. Among the techniques are hit list scanning (which creates a Warhol worm - capable of infecting numerous hosts in 15 minutes), permutation scanning (which enables self co-ordinating scanning), or flash worms (which use enormous hit lists).

Once worms have succeeded in compromising hosts they might be used in denial of service attacks, to steal sensitive information or even destabilise the Internet, according to the researchers.

The analysis is based in large part on a mathematical analysis of the spread of the Nimda and Code Red worms. The risk from the Code Red worm were greatly hyped at the time, but that's not to say that the warning of the researchers is wildly misplaced.

Every time a new virus is released it takes time to spot it, time for AV vendors to develop an antidote and time to distribute this antidote (virus signature definition file). At the industry's annual get together, Virus Bulletin, in Prague last year, concerns were expressed that this approach is in danger of becoming obsolete.

Improvements in the speed of antivirus analysis and management tools are continuing but can only go so far. Meanwhile virus writing s'kiddiots are taking full advantage of the Internet to spread their wares.

Staniford, Paxson and Weaver argue that the possible use of ultra-virulent worms calls for the cyber equivalent of the Centers for Disease Control and Prevention in the US, and they sketch out the role and functions of such an organisation.

The paper will form the basis of a more detailed presentation to be given at the Usenix Security Forum in August. ®

External Links

How to 0wn the Internet in Your Spare Time
-vs-
Why an uber-virus is an impossibility, by Rob Rosenberger of Vmyths.com

Related Stories

Altnet wakes up as worm spreads through KaZaA
Virus writers outpace traditional AV
ISS ranks Net vulnerabilities
Hybrid viruses set to become bigger threat
Firms hit in Nimda mutant outbreak
FBI blows Code Red all-clear
IT giants whacked by Code Red
The Code Red hype Hall of Shame

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.