March 26, 2004

The Spread of the Witty Worm

The folks at UCSD Computer Science and Engineering and the Cooperative Association for Internet Data Analysis (CAIDA) put their "Network Telescope" to good work in analyzing the spread of the Witty Worm. From their analysis:

"The conclusion is ominous: Witty demonstrated that any minimally deployed piece of software with a remotely exploitable bug can be a vector for wide-scale compromise of host machines without any action on the part of a victim. The practical implications of this are staggering; with minimal skill, a malevolent individual could break into thousands of machines and use them for almost any purpose with little evidence of the perpetrator left on most of the compromised hosts."

And finally:

"The patch model for Internet security has failed spectacularly. To remedy this, there have been a number of suggestions for ways to try to shoehorn end users into becoming security experts, including making them financially liable for the consequences of their computers being hijacked by malware or miscreants. Notwithstanding the fundamental inequities involved in encouraging people sign on to the Internet with a single click, and then requiring them to fix flaws in software marketed to them as secure with technical skills they do not possess, many users do choose to protect themselves at their own expense by purchasing antivirus and firewall software. Making this choice is the gold-standard for end user behavior -- they recognize both that security is important and that they do not possess the skills necessary to effect it themselves.

"When users participating in the best security practice that can be reasonably expected get infected with a virulent and damaging worm, we need to reconsider the notion that end user behavior can solve or even effectively mitigate the malicious software problem and turn our attention toward both preventing software vulnerabilities in the first place and developing large-scale, robust and reliable infrastructure that can mitigate current security problems without relying on end user intervention."

Interesting stuff...

Posted by PeterHarsha at March 26, 2004 09:09 AM | Posted to Research