Worms will become dynamic, smarter

As if they aren't enough trouble already, Internet worms are going to take an evolutionary leap, worm researcher Jose Nazario said here Wednesday at the fifth annual Black Hat Briefings conference.

"We're going to see a paradigm shift in what worms have to offer ... we're going to see worms evolve," said Nazario, who works for Crimelabs Security Group.

Internet worms are self-replicating and sustaining programs, often transmitted by e-mail, that infect vulnerable systems, sometimes with disastrous results, sometimes with minimal impact. Worms first gained prominence in the late 1980s, but have seen their public profile grow in the last 18 months as the number of worms affecting Windows systems, and more recently, Linux systems, has risen dramatically.

That trend isn't likely to end any time soon, said Nazario, who was presenting material from a paper Crimelabs will be releasing on its Web site next week. Crimelabs is a security consultancy.

"Worms have been and will continue to be a threat ... because they are relatively easy to put together" and because they keep working on their own even after they've been set loose, he said.

Given that worms will continue to exist, Nazario and his colleagues at Crimelabs see a change coming for worms. Right now, worms are limited in their targets and objectives, their types of attacks and exploits, he said.

The writers of most high-profile worms seem to be saying, "Look! I can write a worm," he said. Their objective often seems to be more the act of writing the worm than any interest in perpetrating damage.

These worms are also limited in the damage they can do because the network traffic they generate grows so exponentially that they are quickly identified and blocked, Nazario said.

Slimy worms

Future worms, however, will be more sophisticated and subtle, making detecting and stopping them more difficult, he said. These new worms will include a number of dynamic components, which can be updated after the worm has been released, something that is not currently possible, he said.

Currently, worms use a single communications protocol to communicate between infected systems and with the machine (if any) that is controlling them. The worms Nazario sees coming will use a number of different protocols, and will be able to mix and match protocols, attacks and targets, thus making them harder to identify or stop. These worms will also have dynamic roles, meaning that the "child" worm may not necessarily look or behave how its "parent" did, he said.

Additionally, these worms will be able to change their characteristics and the damage they do on the fly, as the worm writer changes his code, Nazario said. Worms will be written with more modular structures which will allow for updating components, rather than writing new worms, he said. Updates will be distributed via Usenet and Web sites, and by hiding the updates in files which also contain non-worm content, he said.

Worms may even begin to require signed code, to prevent others from writing update modules designed to keep the worms from working, he said.

Detecting the current crop of worms is largely a matter of understanding how the worm affects one system, which will lead to an understanding of how it will operate on all systems, he said. Dynamic worms will be more complicated, requiring correlation analysis to determine what set of scans and attacks are evidence of which worm.

Along with analysis, new kinds of defenses will have to be created. The oft-repeated mantra of keeping your antivirus software up to date and your system patched just won't work any longer, he said.

"We keep saying that -- no one's doing it."

These new worms will have to be fought using anomaly detection, agent-based intrusion detection systems and "poison" updates, modules that will disarm or destroy dynamic worms, he said.

Whether these defenses are in place or not, newer advanced worms will soon be spreading across the Internet, set to plague more and more users, he said.

Here's hoping antivirus and security firms can shift along with the worms.

Black Hat Briefings runs through Thursday at Caesar's Palace in Las Vegas.

Sam Costello

PC World