July 11, 2001 1:50 PM PDT
Worm threat to worsen
- Related Stories
Security showdown in VegasJuly 10, 2001
Worm crawls through thousands of serversMay 10, 2001
'Lion' worm stalks Linux machinesMarch 23, 2001
Year of the WormMarch 15, 2001
Ramen Linux worm mutating, multiplyingJanuary 22, 2001
Hybris virus: A sleeper hit?January 11, 2001
Experts say "Love" spawns at least 8 mutationsMay 5, 2000
"They are adaptive; they are evolving," Jose Nazario, a researcher for computer-security group Crimelabs, said of worms, malicious, self-replicating programs that have become a favorite tool of online vandals.
Nazario, who is doing doctoral work in biochemistry at Case Western University, called today's viral code the equivalent of "primordial ooze." While malicious code--such as the Love Bug, Hybris, Ramen and 1i0n--has spread widely, such programs are less evolved than single-cell organisms.
In the future, Nazario expects more complicated and effective programs that will be used to attack specific companies and pieces of the telecommunications infrastructure.
"We have to start thinking about worms--and networks--in the same way that we think about living systems," he said.
In the past year, computer worms have had immense success.
Yet, while the most recent worms--such as Ramen, 1i0n and Sadmind--have spread quickly, their success has made detecting them easy. "Worms, as they stand currently, are highly visible and easily blocked because of the high traffic they generate," Nazario said.
But that will change in the next 12 to 18 months, Nazario said.
Worms that can be targeted to take over specific systems and report back once they succeed may be developed. Programs similar to the original concept of a worm--called a "tapeworm" in John Brunner's 1970s science-fiction novel "The Shockwave Rider"--that have a limited number of infected computers linked together could stealthily wend their way through the Internet.
And with the new technology, the original strength of worms--their automated speed--will remain, Nazario said.
"They are incredibly fast-moving, faster than you," he said. "By the time you have identified the worm, it is already widespread."
Dave Dittrich, a security engineer for the University of Washington in Seattle and an expert on responding to worm incidents, agreed that worms will evolve into a greater threat.
"If you take a biology perspective, then having a system that can be exploited is the same as having a weak immune system, and patching your system is like getting your shots before you travel," Dittrich said.
Keeping the computer immune system healthy will be increasingly important as worms become more common, he said. "On the Internet, flu season is every day."