ElectricAardvark opened this issue on Jun 15, 2002 · 33 posts
praxis22 posted Mon, 17 June 2002 at 12:32 PM
Attached Link: http://www.cs.berkeley.edu/~nweaver/
Hi, I read a really interesting scientific paper today called "how to 0wn the internet in your spare time" by Stuart Staniford, Vern Paxson and Nicholas Weaver. Funded by DARPA and the Lawrence Berkeley labs at UCB. Talks about Code Red, Nimda and recent infection strategies, etc. They reckon that a forearmed virus (one that had scanned the namespace beforehand) could, from a fast link, theoretically infect every single vulnerable system on the internet in 30 seconds. This is no joke, they even give you the math. They reckon that a "Warhol" worm is far more likely though (one that infects everything in 15 minutes :) given that some rescans may be required, etc. Still, it's a fairly incredible bit of research.

They reckon that the entire namespace of the 'net is 48Mb uncompressed, but compressed and sorted it's only 7.5Mb. The first instance of the worm carries the entire namespace, but on its first infection it passes half of the name space to the new copy, and they do likewise for each infection. They reckon you can cover the entire 'net in a seven layer model, with infection increasing exponentially the smaller the namespace gets, with almost no re-scans. Most of the infections would go dormant in seconds. Flash flood. BAM! You own the internet.

But the thing they reckon is really going to be big is a new kind of infection vector called "contagion", which can spread at a very low level like wildfire via the P2P networks of KaZaA and Morpheus. Apparently their makeup fits the infection vector distribution curve almost perfectly, matches the infection vector curve, especially since they're mostly DSL and large files and lots of scans are the norm. It really is a stunning bit of research, if you are at all technically minded. I got it off Slashdot last week...

I was thinking that placing a hardened UNIX box between me and my forthcoming DSL connection would be enough. But now I think I finally have a real reason to buy a new Mac. It's simply safer to own one if you're using the 'net. Because 15 minutes for complete penetration gives you no chance to avoid infection by updating your virus protection, etc.

For those still suffering from Klez, however, the following may be useful. I mail them to users several times a week...

http://www.sarc.com/avcenter/venc/data/w32.klez.h@mm.html
http://www.wired.com/news/technology/0,1282,52174,00.html

Aha! Found it :)

later
jb