Here comes your worst nightmare: Superworm
- By William Jackson
- Aug 27, 2003
Believe it or not, Internet worms until now have been too dumb and inefficient to cause much impact, according to software developer and activist Brandon Wiley.
Wiley said these inefficiencies will be corrected in a new generation of superworms capable of cooperating to blanket the Internet.
'Coordination between worms is the key in my scheme for superworms,' said Wiley, who set up the Foundation for Decentralized Research, at decentralize.org.
Coordination 'eliminates overzealous infection' so a worm does not choke on its own glut of traffic, he said.
The Code Red worm in early 2001 used random scanning to propagate, which wasted bandwidth and caused self-competition for hosts, he said. The Nimda worm later that year added the capability for multiple avenues of infection. 'That was very nice, but not very stealthy,' Wiley said.
The 2002 Slapper worm could be updated by its controller to execute code on infected machines, but its various versions wasted time and energy competing among themselves, he said.
Gem of a worm
Wiley expressed admiration for the single-packet design of the Sapphire worm, which succeeded in infecting 90 percent of vulnerable systems on the Internet within about 10 minutes in January 2003.
'That was just brilliant,' he said. But Sapphire didn't stop after 10 minutes. It continued trying to spread randomly, which drew attention to it and exhausted bandwidth.
Sapphire is the first example of a theoretical worm that Wiley called Warhol, capable of spreading across the Internet in about 15 minutes. The name came from pop artist Andy Warhol's remark that in the future everyone would be famous for 15 minutes.
Wiley's prototype superworm, which he called Curious Yellow, could combine a fast-spreading Warhol worm with a coordination algorithm to prevent overlap and competition.
'Each copy of the worm has a plan, knows what range of addresses it is in charge of,' Wiley said.
Each worm that took over a host could be updated to carry out commands or execute code. The result would be a large, robust network of controlled machines programmable for either benign or malicious tasks.
Wiley also has a scheme for blocking Curious Yellow: a patch-update algorithm called Curious Blue.
'People get mad when I tell them about this, because they say the cure is worse than the problem,' he said. Curious Blue, besides quickly patching vulnerabilities, also could quickly open up back doors and cause other trouble.
'If somebody wants to fund this,' he said, 'it would keep me from designing my superworm.'
William Jackson is a freelance writer and the author of the CyberEye blog.