Interesting People mailing list archives

Fwd: [E-INFRA] Colleen Shannon: [Caida] witty worm writeup available


From: Dave Farber <dave () farber net>
Date: Mon, 29 Mar 2004 12:06:27 -0500

Date: Sun, 28 Mar 2004 16:19:45 -0800
From: John Gilmore <gnu () toad com>
Subject: [E-INFRA] Colleen Shannon: [Caida] witty worm writeup available
Sender: eff-infra-bounces () eff org
To: eff-infra () eff org, gnu () toad com


CAIDA's analysis of the "Witty" worm from two weeks ago is
frightening.  It was targeted to hit a particular vendor's firewall
product.  The worm came out one day after the vulnerability was
disclosed and patched.  Within 10 seconds it had spread to 110 hosts.
Within 45 minutes, it had compromised almost all of the vulnerable
machines on the Internet.  As a destructive worm, it gradually
disabled its hosts (by periodically writing garbage to a random spot
on disk).  If instead it had been a stealth 'bot', it would now have
about 12,000 machines ready to do its creator's bidding -- the entire
vulnerable population.

(If it had been targeting more numerous Linux, BSD, or Microsoft
systems, it would have spread as quickly, or more quickly.)

Worms are now able to propagate MUCH faster than humans can react to
stop them.  They can be released MUCH faster than humans can install
patches.  In short, the patch-and-pray model can't prevent
massive-scale attacks from succeeding (and using the resources of the
attacked machines for any other purpose).

This worm, along with others, validates the thesis from the seminal
2002 security paper, "How to 0wn the Internet in Your Spare Time" by
Stuart Staniford, Vern Paxson, and Nicholas Weaver.  For that, see:

  http://www.icir.org/vern/papers/cdc-usenix-sec02/

This has policy implications at many levels, from software development,
to security analysis, to infrastructure defense.

        John

Date: Thu, 25 Mar 2004 15:49:02 -0800
From: Colleen Shannon <cshannon () caida org>
To: caida () caida org,
Subject: [Caida] witty worm writeup available

Hi folks,

David and I thought you might be interested in our analysis of the
spread of the witty worm.  Our writeup is available at:

http://www.caida.org/analysis/security/witty/

Please let us know if you have any comments, questions, or other
feedback!

Thanks,
Colleen

--
Colleen Shannon
CAIDA/SDSC/UCSD - cshannon () caida org
