So Many Worms, So Little Time
by Randy M. Nash - @RISK Online - Monday, 11 October 2004.

Let's face it; the Internet is a dangerous place, and it's not getting any better. Statistics show a rapid increase in the rate of Internet-based attacks. The ability of attackers to rapidly compromise large numgers of system poses a "real and present danger" to the overall security of the Internet. A thousand zombie hosts can cause a lot of damage, but the damage that can be caused by the tens of thousands that can be taken over by an Internet worm are staggering.

A Bit Of History

The Internet had its beginnings back in 1965 when ARPA sponsored a study on the "cooperative network of time-sharing computers". By 1966, the first ARPANET plan was developed. Over time this simple experimental network grew into what is know as today's Internet. Interestingly, in 1985 the ARPANET was brought to its knees by on 27 October because of an accidentally-propagated status-message virus. This was not the first virus however.

As early as 1949, self-replicating programs were being developed, and in 1981, several viruses were infecting the Apple world. The first computer viruses were simple because the computing capability was so limited. Most early viruses would simply copy themselves to a new location, then progress from there. Eventually, as more computing power became available, more complex viruses were developed. This included the addition of code to be executed once the virus had replicated itself to a new disk or computer.

Computer "worms" were first considered as a means of automating network management tasks. Experiments were performed at Xerox Palo Alto Research Center in 1982. The key problem noted was controlling the propagation of these programs. This became especially apparent to a young Robert Morris; a 23 year old doctoral student at Cornell University. Morris unleashed a worm on the Internet, not realizing that he had drastically miscalculated the rate of propagation and the impact it would have on compromised systems. The worm spread at a phenominal rate, must faster than originally intended. When Morris realized his worm was spreading faster than he anticipated and tried to post removal instructions. Unfortunately, these instructions were not received because most administrators had removed themselves from the Internet.

The worm infected over 6,000 machines across the country and, while no physical damage was caused by the worm, between $100,000 and $10,000,000 was lost due to lost access to the internet at an infected host (According to the United States General Accounting Office). Morris was sentenced to three years of probation, four hundred hours of community service, $10,050 in fines plus the cost of his supervision."

The worm era really seemed to take of in the late 1990's. There was a sharp increase in the frequency and number of worms, as well as the damage they caused. A very short list of the most memorable worms includes:
  • Melissa in 1999
  • Code Red, Nimda and Ramen in 2001
  • Slammer and Blaster in 2003.
Less Time To Respond


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th