Superworm Manifesto unveiled at cybersecurity briefings
- By William Jackson
- Jul 31, 2003
LAS VEGAS'Internet worms until now have been mostly dumb, inefficient and poorly organized, making little impact.
But software developer and activist Brandon Wiley unveiled a guide for correcting these flaws at the Black Hat Briefings security conference. The guide includes plans for creating a new generation of worms capable of communicating and cooperating to blanket the Internet quickly and quietly.
In detailing what these new worms could look like, Wiley also offered a way for systems to be inoculated.
'Coordination between worms is the key in my scheme for creating superworms,' said Wiley, founder of the Foundation for Decentralised Research. 'It eliminates overzealous infection' so it does not choke on its own glut of traffic.
Typical worms, such as Code Red, use random scanning to propagate, wasting bandwidth and competing with themselves once released. Nimda added the capability to use multiple avenues of attack. 'That was very nice, but it was not very stealthy,' Wiley said.
The Slapper worm could be updated by its controller to execute code on an infected machine, but it wasted time and energy competing with itself in various versions.
But Wiley said he admires the single-packet design of the Sapphire worm, which succeeded in infecting 90 percent of vulnerable machines within about 10 minutes.
'That was just brilliant,' he said. But Sapphire didn't stop at the end of 10 minutes. It continued trying to spread randomly, drawing attention to itself and quickly running out of bandwidth.
Sapphire probably is the first example of a theoretical worm concept called Warhol, which could spread across the Internet in 15 minutes. Wiley's superworm concept, called Curious Yellow, would combine the fast-spreading characteristics of a Warhol worm with an algorithm that would let the worms coordinate their activities to avoid overlap, multiple infections and competition.
'Each copy of the worm has a plan, everybody knows what range of addresses he is in charge of,' Wiley said in describing the algorithm.
The result is a large, robust network of exploited machines that can be continually updated to carry out tasks, benign or malicious.
If this sounds threatening, Wiley has also come up with an idea for blocking Curious Yellow. It is a patch update algorithm called Curious Blue.
'People get mad when I tell them how to stop this, because they say the cure is worse than the problem,' Wiley said. 'But if somebody wants to fund this, it would keep me from designing my superworm.'
William Jackson is a Maryland-based freelance writer.