worm blog: Midgard Worms: Sudden Nasty Surprises from a Large Resilient Zombie Army

« Collaborative Online Passive Monitoring for Internet Quarantine | Main | Simulation and Analysis on the Resiliency and Efficiency of Malnets »

Midgard Worms: Sudden Nasty Surprises from a Large Resilient Zombie Army

Almost another "worst-case worm scenario", but unlike most people propose self-defending worms, these folks actually do some design and analysis of how it may work.

Future network intruders will probably use a zombie army to deliver many different attacks, rather than recruiting a new army per attack. We describe a Midgard Worm, which can build an extremely resilient and scalable overlay network to deliver attack code quickly. The worm's master could disseminate a 1-megabyte exploit or upgrade to a million zombies from any zombie in less than six minutes. Even if 80% of the zombies were disinfected, 70% of the remainder would remain connected and ready to receive new exploits. We discuss the basic design principles behind such a worm and methods of combating this kind of attack.

Source: Midgard Worms: Sudden Nasty Surprises from a Large Resilient Zombie Army, by Peter Reiher, Jun Li, and Geoff Kuenning.

September 19, 2006 in defense, modeling, papers | Permalink
Tell others: digg submit | del.icio.us this | Reddit