Researchers: 'Flash' worm will eat Internet in 15 minutes

Computer science researchers are predicting new types of dangerous worms that would be able to infect Web servers, browsers and other software so quickly that the working Internet itself could be taken over in a matter of minutes.

Though still in the realm of theory, the killer worms described in a research paper entitled, "How to Own the Internet in Your Spare Time", are triggering some skepticism but the idea of them is seldom dismissed as outlandish science fiction.

The three authors of the research, published two months ago, present a future where worm-based attacks use "hit lists" to target vulnerable Internet hosts and equipment, such as routers, rather than scanning aimlessly as the last mammoth worm outbreaks, Nimda and Code Red, did last year. And this new breed of worms will carry dangerous payloads to allow automated denial-of-service and file destruction through remote control.

"Code Red and Nimda could have spread faster, and they didn't have powerful payloads," asserts Stuart Staniford, president of Silicon Defense Inc., and co-author of the research paper. The other authors are Vern Paxson, a staff scientist at both the Berkeley-based ICSI Center for Internet Research and Lawrence Berkeley National Lab's network research group, and Nicholas Weaver, a graduate student at the University of California at Berkeley.

The paper argues that this next generation of computer worms -- which would certainly have military application during war - would carry knowledge about a specific server's vulnerability and propagate at a breathtakingly high rate of infection, "so that no human-mediated counter-response is possible."

Remedying software vulnerabilities remains a huge problem, with many corporations admitting it takes about a day or two -- at best -- to apply software patches once a software vendor has acknowledged a vulnerability in product coding and supplied a fix for it. And home computer users online are often wholly unaware of these types of problems.

Staniford says they tested the paper's thesis in a lab simulation of a computer worm designed to subvert 10 million Internet hosts over both low-speed and high-speed lines. Supplied with its own "hit list" of IP addresses and vulnerabilities gained through prior scanning, the theoretical worm could infect more than nine million servers in a quarter hour or so.

They called this the "Warhol worm" after artist Andy Warhol's well-known quote that in the future, everyone will be famous for 15 minutes. A similar, theoretical worm they coined the Flash worm, blasted out from a 622M bit/sec link, would take even less time to "own" the Internet.

The authors conclude that just as the U.S. government has established the "Centers for Disease Control" in Atlanta as the central voice in matters related to new health risks for the nation, it would benefit the country to set up an operations center on virus- and worm-based threats to cybersecurity.

Richard Clarke, the advisor to President Bush on cybersecurity matters, said that while he hadn't read the Flash-worm research paper, he wouldn't discount the idea of a very-fast-moving worm of this type.

As it happens, the draft "National Strategy to Secure Cyberspace" report issued last month, for which Clarke is asking for public comment, contained the recommendation that the government fund a network operations center as a central point for threat analysis.

Another U.S. government official, Bob Dacey, director of information security issues at the U.S. General Accounting Office, said of the theoretical worms: "The risk is there, though I can't speak to the 15 minutes. When you look at Nimda and Code Red, you see greatly developed delivery mechanisms."

To date, the Internet hasn't seen a worm with a really dangerous payload to destroy systems combined with rapid delivery but it certainly might be out there in the future, said Dacey, who's in charge of overseeing vulnerability-testing of federal agencies' networks.

Dacey said agencies need to do a better job of applying software patches, and to that end the federal government is seeking to award a contract for an outside patch-management service to help agencies install patches quickly.

The terms "Flash" and "Warhol" worms are not yet part of the common vocabulary of the antivirus software business and its technologies. At first glance, the idea of a worm devouring the Internet in 15 minutes sounds far-fetched to many.

"It's hard to imagine such a thing could happen," responds Bob Justus, vice president of security at Union Bank of California, but then he adds: "But I guess it's possible."

Antivirus software vendors and the security industry as a whole seem to be taking the research paper seriously though it's unclear what defenses there may be for a worm that attacks the whole Internet in seconds.

"It's definitely plausible," says TruSecure Corp.'s virus expert, Roger Thompson. "It's highly likely we'll see them."

Traditional antivirus software relies on signature updates to stop a worm or virus once it's identified, but with fast-moving Flash and Warhol worms, this wouldn't work, Thompson pointed out.

"We haven't seen a 'Flash' worm yet, but now that there's a paper on it, we probably will," says Mikko Hyponnen, manager of anti-virus research at F-Secure Corp.

This research indeed has "credibility," said a spokesman for Moscow-based Kaspersky Labs Ltd., but he added, "Actually, we predicted this technology two years ago but never published it because it may give virus writers another clue how to improve their malware. The Berkeley guys did this and they are half-guilty for such a worm [appearing] that may easily cause the Internet to be down in just an hour, so users will not be able to download anti-virus updates."

Staniford admits he's taken some heat for describing how the worms would work, but tried not be too obvious. He said there may not be much way to defend against a Flash worm today, but Silicon Defense, has something in the works, which he declined to discuss, that may be ready by next February.

Not all security firms think the killer worms are an identifiable problem yet. Security firm Network Associates Inc.'s research division, Avert Labs, said the concept of a Flash worm is "possible," but added with a note of skepticism, "there is a big step between theory and practice.'

Others security firms are also a bit dubious about Flash. Trend Micro Inc.'s product manager Bob Hansen said, "The threat from this type of thing is definitely growing," but that "it takes a ton of research to design one of these things."

Nevertheless, Hansen said it's "certainly credible to think that a worm designed as a targeted hacker tool could be created to bring down 20 or 30 of the major business Web sites within a matter of minutes."

While signature-based updates wouldn't be ready fast enough, behavior-based technologies, such as Trend Micro's Applet Trap, which he noted isn't a big seller, might be successful in blocking such an attack.

Okena, which makes behavior-based intrusion-detection software, weighed in on the Flash worm. Director of product management Ted Doty said if a Flash worm does appear in the future, Okena Inc.'s StormWatch software for servers and desktop might be able to block it as it did Nimda or Code Red by blocking unauthorized behavior. However, few companies are using any type of behavior-blocking software today.

"You can detect attacks you haven't known about before," says Rob Clyde, chief technology officer at Symantec Corp. about the idea of a Flash worm. "But it's not going to be easy."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

PC World
Show Comments


Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >


Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >


Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >


Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?