Feeds

Security researchers warn of worm blitzkriegs

cDc for Internet security plan

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

Security researchers are warning of the availability of more powerful virus writing techniques, which call for a more co-ordinated approach to combat next generation worms.

In a paper, How to 0wn the Internet in Your Spare Time, Stuart Staniford of Silicon Defense, Vern Paxson of the ICSI centre for internet research and Nicholas Weaver of University of California Berkeley, argue the ability of attackers to rapidly gain control of vast numbers of Internet hosts poses grave security risks. They suggest surreptitious worms, which spread more slowly but are much harder to detect, "could arguably subvert upwards of 10,000,000 Internet hosts".

On a different track they suggest worm writing techniques which could be used to create ultra-virulent worms capable of spreading so quickly that they outflank anti-virus defences. Among the techniques are hit list scanning (which creates a Warhol worm - capable of infecting numerous hosts in 15 minutes), permutation scanning (which enables self co-ordinating scanning), or flash worms (which use enormous hit lists).

Once worms have succeeded in compromising hosts they might be used in denial of service attacks, to steal sensitive information or even destabilise the Internet, according to the researchers.

The analysis is based in large part on a mathematical analysis of the spread of the Nimda and Code Red worms. The risk from the Code Red worm were greatly hyped at the time, but that's not to say that the warning of the researchers is wildly misplaced.

Every time a new virus is released it takes time to spot it, time for AV vendors to develop an antidote and time to distribute this antidote (virus signature definition file). At the industry's annual get together, Virus Bulletin, in Prague last year, concerns were expressed that this approach is in danger of becoming obsolete.

Improvements in the speed of antivirus analysis and management tools are continuing but can only go so far. Meanwhile virus writing s'kiddiots are taking full advantage of the Internet to spread their wares.

Staniford, Paxson and Weaver argue that the possible use of ultra-virulent worms calls for the cyber equivalent of the Centers for Disease Control and Prevention in the US, and they sketch out the role and functions of such an organisation.

The paper will form the basis of a more detailed presentation to be given at the Usenix Security Forum in August. ®

External Links

How to 0wn the Internet in Your Spare Time
-vs-
Why an uber-virus is an impossibility, by Rob Rosenberger of Vmyths.com

Related Stories

Altnet wakes up as worm spreads through KaZaA
Virus writers outpace traditional AV
ISS ranks Net vulnerabilities
Hybrid viruses set to become bigger threat
Firms hit in Nimda mutant outbreak
FBI blows Code Red all-clear
IT giants whacked by Code Red
The Code Red hype Hall of Shame

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.