0
ChasingBlueSky

An IM Virus could spread FAST

Recommended Posts

http://www.newscientist.com/news/news.jsp?id=ns99994233

Messaging worms could infect at lightning speed


17:30 03 October 03

NewScientist.com news service

A computer worm transmitted via instant messaging programs could, in theory, infect half a million computers within 30 seconds, simulations have shown.

Instant messaging (IM) applications let users to type messages directly onto each others' computer screens via the internet. This has become a popular alternative to email among home users and office workers.

So far, no-one has designed a computer worm to spread by IM. But computer security experts warn that it provides an obvious and potentially explosive target.

Eric Chien and Neal Hindocha, researchers at US anti-virus company Symantec, set out to determine how quickly an IM worm could spread. They calculated the speed of spread based on the time required to send packets of information between the IM programs on users desktops, as well as the number of additional users in the average person's IM "buddy list".


Network overload


"We did a variety of simulations," Chien told New Scientist. "An average scenario would be about 30 seconds to infect 500,000 machines. Even in a best case scenario we're talking less than three minutes."

A fast-spreading IM worm would use a software bug to breach a computer's security and carry out unauthorised commands. It could find other machines to infect almost instantly, from the contact list stored by each user's IM program. To date, around 60 vulnerabilities have been found in popular IM programs.

But the news is not all bad. Chien and Hindocha say IM networks are designed in a way that could provide defence against worms.

The networks have central servers that let users log on in order to chat. Sending massive amounts of traffic through these servers might simply cause them to crash, halting a worm's spread.

These central systems could also be used to quickly patch vulnerabilities in end user software. Some networks already prevent outdated clients from connecting at all. "Even though it sounds extreme, [any worm] could be cleaned up very quickly," Chien says.


Maximum speed


Jonathan Wignall, a computer security consultant with the non-profit Security Research Council in the UK, points out a software bug that would allow such a worm to spread has yet to be found.


"At the moment it would require users to accept a file," he says. Wignall also adds that all of a user's IM contacts would have to be online for the worm to spread with maximum speed.

Computer worms that spread via email, such as Blaster, often plunder a victim's address book to find new users to infect. But email travels far more slowly than IM communications, so it can take hours or even days for this type of infection to reach many thousands of computers systems.

Other worms, such as Slammer, rely on software bugs that can be exploited through ordinary network traffic. But these worms typically try to find vulnerable machines by scanning network addresses at random, again slowing the process of infection.

Chien and Hindocha's results were presented at the Virus Bulletin conference in Toronto, Canada, on 26 September.


Will Knight
_________________________________________
you can burn the land and boil the sea, but you can't take the sky from me....
I WILL fly again.....

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

0