ChasingBlueSky 0 #1 October 4, 2003 http://www.newscientist.com/news/news.jsp?id=ns99994233 Messaging worms could infect at lightning speed 17:30 03 October 03 NewScientist.com news service A computer worm transmitted via instant messaging programs could, in theory, infect half a million computers within 30 seconds, simulations have shown. Instant messaging (IM) applications let users to type messages directly onto each others' computer screens via the internet. This has become a popular alternative to email among home users and office workers. So far, no-one has designed a computer worm to spread by IM. But computer security experts warn that it provides an obvious and potentially explosive target. Eric Chien and Neal Hindocha, researchers at US anti-virus company Symantec, set out to determine how quickly an IM worm could spread. They calculated the speed of spread based on the time required to send packets of information between the IM programs on users desktops, as well as the number of additional users in the average person's IM "buddy list". Network overload "We did a variety of simulations," Chien told New Scientist. "An average scenario would be about 30 seconds to infect 500,000 machines. Even in a best case scenario we're talking less than three minutes." A fast-spreading IM worm would use a software bug to breach a computer's security and carry out unauthorised commands. It could find other machines to infect almost instantly, from the contact list stored by each user's IM program. To date, around 60 vulnerabilities have been found in popular IM programs. But the news is not all bad. Chien and Hindocha say IM networks are designed in a way that could provide defence against worms. The networks have central servers that let users log on in order to chat. Sending massive amounts of traffic through these servers might simply cause them to crash, halting a worm's spread. These central systems could also be used to quickly patch vulnerabilities in end user software. Some networks already prevent outdated clients from connecting at all. "Even though it sounds extreme, [any worm] could be cleaned up very quickly," Chien says. Maximum speed Jonathan Wignall, a computer security consultant with the non-profit Security Research Council in the UK, points out a software bug that would allow such a worm to spread has yet to be found. "At the moment it would require users to accept a file," he says. Wignall also adds that all of a user's IM contacts would have to be online for the worm to spread with maximum speed. Computer worms that spread via email, such as Blaster, often plunder a victim's address book to find new users to infect. But email travels far more slowly than IM communications, so it can take hours or even days for this type of infection to reach many thousands of computers systems. Other worms, such as Slammer, rely on software bugs that can be exploited through ordinary network traffic. But these worms typically try to find vulnerable machines by scanning network addresses at random, again slowing the process of infection. Chien and Hindocha's results were presented at the Virus Bulletin conference in Toronto, Canada, on 26 September. Will Knight_________________________________________ you can burn the land and boil the sea, but you can't take the sky from me.... I WILL fly again..... Quote Share this post Link to post Share on other sites
bobsled92 0 #2 October 4, 2003 Thanks, Thank God, I don't I.M...at all now. A good thing for me._______________________________ If I could be a Super Hero, I chose to be: "GRANT-A-CLAUS". and work 365 days a Year. http://www.hangout.no/speednews/ Quote Share this post Link to post Share on other sites
