Sci Tech
Fastest computer worm
A TEAM of network security experts in California has determined that the computer worm that attacked and hobbled the global Internet recently was the fastest one ever recorded. In a technical paper the experts report that the speed and nature of the Sapphire worm (also called Slammer) represent significant and worrisome milestones in the evolution of computer worms.
Computer scientists at the University of California, San Diego and its San Diego Supercomputer Centre (SDSC), Eureka-based Silicon Defence, the University of California, Berkeley, and the non-profit International Computer Science Institute in Berkeley found that the Sapphire worm doubled its numbers every 8.5 seconds during the explosive first minute of its attack. Within 10 minutes of debuting, the worm was observed to have infected more than 75,000 vulnerable hosts. The infected hosts spewed billions of copies of the worm into cyberspace, significantly slowing Internet traffic.
"The Sapphire worm represents a major new threat in computer worm technology," said Stuart Staniford, president and founder of Silicon Defence. "Although this particular computer worm did not carry a malicious payload, it did a lot of harm by spreading and blocking networks."
Sapphire's tiny size enabled it to reproduce rapidly and also fit into a type of network 'packet' that was sent one-way to potential victims, an aggressive approach designed to infect all vulnerable machines rapidly and saturate the Internet's bandwidth, the experts said.
The speed with which the diminutive Sapphire worm copied itself and scanned the Internet for additional vulnerable hosts was limited only by the capacity of individual network connections.
"For example, the Sapphire worm infecting a computer with a one-megabit-per-second connection is capable of sending out 300 copies of itself each second," said Staniford. A single computer with a 100-megabit-per-second connection, found at many universities and large corporations, would allow the worm to scan 30,000 machines per second.
"The novel feature of this worm, compared to all the other worms we've studied, is its incredible speed: it flooded the Internet with copies of itself so aggressively that it basically clogged the available bandwidth and interfered with its own growth," said David Moore, an Internet researcher at SDSC's Cooperative Association for Internet Data Analysis (CAIDA).
The technical report analysing Sapphire states that the worm's designers made several 'mistakes' that significantly reduced the worm's distribution capability. For example, the worm combined high-speed replication with a commonly used random number generator to send messages to every vulnerable server connected to the Internet.
However, the authors made several mistakes in adapting the random number generator. Had there not been enough correct instructions to compensate for the mistakes, the errors would have prevented Sapphire from reaching large portions of the Internet.