From: Lillie Kittredge (kittredl@u.washington.edu)
Date: Tue Nov 30 2004 - 08:43:17 PST
This paper discusses the fascinating and terrifying world of worms and
viruses, and the measures we can take to help lull ourselves into a false
sense of security about them.
They discuss Code Red and Nimda as examples of wild worms, and bring up
some things I hadn't known about them -- the way they reawaken themselves
on a regular basis, the way Nimda spread through multiple vectors, etc.
In this discussion they include the idea of hit lists, which allow a
divide-and-conquer approach to infecting a large list of machines quickly.
I find this interesting because it breaks the biological metaphor: bio
viruses can only infect individuals in proximity to each other. At first
this seems more powerful, that an infected machine can infect another from
somewhere entirely else on the internet, but they also make the astute
observation that preferentially infecting machines from nearby addresses
can make coverage more complete, and can much more effectively spread
within compromised internal networks if a copy gets past the firewall.
The other most terrifying thing in this paper was the discussion of
contagion worms, which are only spread passively, piggybacking worm
traffic on existing traffic. Though the current paradigm of worms is
hard enough to detect, these are nigh on impossible. These, at least in
theory, can slowly build an infection of massive proportions, which upon
awakening could potentially take down nearly the entire internet in one
fell swoop. The only thing protecting us from this apocalypse at the
moment is the apparent lack of the needed pair of security exploits (one
in a server, the other in a client).
I feel that the idea of a CDC is a good and necessary one, yet I'm not
convinced that it would really work. They identify the shortcomings any
such institution would have, such as extreme difficulty responding to
flash worms, and vulnerability to an attacker's attempt to swamp them with
unrelated traffic. I wonder if better preparedness measures would consist
of stockpiles of canned food, and reduced reliance of the postal service
(and everything else, for that matter) on electronic media. (Also, this
makes me think of a terrible sci-fi story I read once where people defeat
their evil robot overlords by learning to do arithmetic on paper again.
Maybe we need that. While I'm on to spurious suggestions, let's build a
firewall around the whole Internet! That'll show 'em! Haha!)
Finally, much as with controlling the spread of bio pathogens, I feel that
educating the public is a necessary step towards dealing with this threat.
There's a note in the discussion of Code Red where the traffic patterns
after the initial infection and the re-awakening indicate that just over
half of the infected hosts were cured during the intervening 11 days.
Along with encouraging individuals and companies to take a proactive
stance on curing their own infections and preventing their spread to
others, we should encourage them to understand their reliance on the
Internet, and to make provisions for what they would do if it went down.
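The hit-list, divide-and-conquer spread mentioned above, next to the random scanning of a Code Red-style worm that it is contrasted with, as a toy simulation added here by the editor; it is not code from this message or from the paper under review. Assumptions (mine, not the paper's): time is divided into synchronous rounds, each infected host contacts one address per round, a host that infects a target hands it half of its remaining hit list, and addresses are plain integers with no network traffic involved. The infected population at most doubles each round, so the hit-list variant finishes in about log2(N) rounds with every address contacted exactly once, while random scanning wastes most probes and takes a long time to find its first victim.

```python
"""Toy model of hit-list vs. random-scan worm propagation (constructed example).

Addresses are integers; nothing is contacted. Built to show why a hit list
makes the spread logarithmic in the number of targets.
"""
import math
import random


def hitlist_spread(n_hosts):
    """Divide-and-conquer propagation over a hit list of n_hosts addresses.

    Each round, every infected host that still holds addresses infects one
    of them and hands the newly infected host half of what is left
    (assumed model). Returns (rounds, infected, probes); probes counts every
    address contacted, so it equals n_hosts: no address is probed twice.
    """
    held = [list(range(n_hosts))]  # one list per infected host; attacker holds all
    infected = probes = rounds = 0
    while any(held):                # any non-empty list means work remains
        rounds += 1
        spawned = []
        for lst in held:
            if not lst:
                continue
            lst.pop(0)              # contact and infect the next address
            probes += 1
            infected += 1
            mid = len(lst) // 2     # keep the smaller half, give the rest away
            spawned.append(lst[mid:])
            del lst[mid:]
        held.extend(spawned)        # the new victims start working next round
    return rounds, infected, probes


def rounds_bound(n_hosts):
    """Upper bound: the infected population at most doubles per round,
    so ceil(log2(n)) + 1 rounds always suffice."""
    return math.ceil(math.log2(n_hosts)) + 1 if n_hosts > 0 else 0


def random_scan_spread(n_vulnerable, space_size, seed=0, max_rounds=100_000):
    """Baseline: uncoordinated random scanning over an address space.

    The first n_vulnerable addresses are vulnerable; address 0 starts
    infected. Every infected host probes one uniformly random address per
    round. Returns (rounds, infected, probes); probes now includes all the
    misses and duplicate hits a hit list avoids.
    """
    rng = random.Random(seed)       # seeded so runs are reproducible
    infected = {0}
    probes = rounds = 0
    while len(infected) < n_vulnerable and rounds < max_rounds:
        rounds += 1
        for _ in range(len(infected)):   # hosts infected this round wait a round
            probes += 1
            addr = rng.randrange(space_size)
            if addr < n_vulnerable:
                infected.add(addr)
    return rounds, len(infected), probes


if __name__ == "__main__":
    for n in (8, 1000, 100_000):
        r, inf, pr = hitlist_spread(n)
        print(f"hit list, {n:>6} hosts: {r:>2} rounds, {pr} probes "
              f"(bound {rounds_bound(n)} rounds)")
    r, inf, pr = random_scan_spread(1000, 100_000)
    print(f"random scan, 1000 vulnerable in 100000 addresses: "
          f"{r} rounds, {pr} probes to infect {inf}")
```

The random-scan figure is the one a hit list removes: the early rounds with one or two infected hosts each have only a small chance of hitting a vulnerable address, and a worm stuck there is what gives defenders the days Code Red's traffic curve shows.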