July 11, 2001 1:50 PM PDT

Worm threat to worsen

LAS VEGAS--The next generation of computer worms will be stealthier, more targeted and harder to defend against, a security expert predicted Wednesday at the Black Hat Security Briefings.

"They are adaptive; they are evolving," Jose Nazario, a researcher for computer-security group Crimelabs, said of worms, malicious, self-replicating programs that have become a favorite tool of online vandals.

Nazario, who is doing doctoral work in biochemistry at Case Western University, called today's viral code the equivalent of "primordial ooze." While malicious code--such as the Love Bug, Hybris, Ramen and 1i0n--has spread widely, such programs are less evolved than single-cell organisms.

In the future, Nazario expects more complicated and effective programs that will be used to attack specific companies and pieces of the telecommunications infrastructure.

"We have to start thinking about worms--and networks--in the same way that we think about living systems," he said.

In the past year, computer worms have had immense success.

see special report: Year of the Worm Once limited to occasional flare-ups of mass-mailing programs, such as Melissa and the Love Bug, today's worms don't require any user interaction, allowing them to spread automatically.

Yet, while the most recent worms--such as Ramen, 1i0n and Sadmind--have spread quickly, their success has made detecting them easy. "Worms, as they stand currently, are highly visible and easily blocked because of the high traffic they generate," Nazario said.

But that will change in the next 12 to 18 months, Nazario said.

Worms that can be targeted to take over specific systems and report back once they succeed may be developed. Programs similar to the original concept of a worm--called a "tapeworm" in John Brunner's 1970s science-fiction novel "The Shockwave Rider"--that have a limited number of infected computers linked together could stealthily wend their way through the Internet.

And with the new technology, the original strength of worms--their automated speed--will remain, Nazario said.

"They are incredibly fast-moving, faster than you," he said. "By the time you have identified the worm, it is already widespread."

Dave Dittrich, a security engineer for the University of Washington in Seattle and an expert on responding to worm incidents, agreed that worms will evolve into a greater threat.

"If you take a biology perspective, then having a system that can be exploited is the same as having a weak immune system, and patching your system is like getting your shots before you travel," Dittrich said.

Keeping the computer immune system healthy will be increasingly important as worms become more common, he said. "On the Internet, flu season is every day."

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.