Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

What Does a Spreading Worm Look Like?

CmdrTaco posted more than 9 years ago | from the can-i-disenchant-it-for-reagents dept.

Worms 233

quibbs0 writes "When a new worm spreads around the world, people want to know if they are protected. How fast is it? How does it spread? A new simulation program developed by Symantec Research Labs not only has the answers, it also provides pictures."

Sorry! There are no comments related to the filter you selected.

What a spreading worm *really* looks like. (5, Funny)

TripMaster Monkey (862126) | more than 9 years ago | (#12488109)


What Does a Spreading Worm Look Like?

This [moviegoods.com] is what a spreading worm looks like.

^_^

Re:What a spreading worm *really* looks like. (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12488208)

I was thinking more along the lines of this. [biomedcentral.com]

Re:What a spreading worm *really* looks like. (0)

Anonymous Coward | more than 9 years ago | (#12488544)

That picture will haunt me forever.......that is just plain nasty

Re:What a spreading worm *really* looks like. (3, Funny)

liquidpele (663430) | more than 9 years ago | (#12488317)


I see them more like this [gameavenue.com]

Re:What a spreading worm *really* looks like. (1)

Ced_Ex (789138) | more than 9 years ago | (#12488690)

I was thinking more Fear Factor like... particular when they have them piled up on a plate or in a doughnut.

Re:What a spreading worm *really* looks like. (-1, Offtopic)

honkeytron (849435) | more than 9 years ago | (#12488374)

Spaghetti anyone?

Re:What a spreading worm *really* looks like. (2, Interesting)

pdbogen (596723) | more than 9 years ago | (#12488567)

Am I the only one reminded of Alpha Centauri by that picture?

Re:What a spreading worm *really* looks like. (2, Funny)

Reziac (43301) | more than 9 years ago | (#12488582)

I thought it might look rather like a flatworm, or perhaps a leech.

"When a new worm spreads around the world, people want to know if they are protected."

Well, I suppose that depends on whether it's an endangered species or not.

Re:What a spreading worm *really* looks like. (1)

AndroidCat (229562) | more than 9 years ago | (#12488647)

If they were blue, I'd have figured that it was network cable and a far far scarier movie.

Re:What a spreading worm *really* looks like. (1)

Spacejock (727523) | more than 9 years ago | (#12488756)

Like a centerfold without the legs?

heeeeeeeeej (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12488117)

GNAA RESEARCH UNVEILS STARTLING DISCOVERY
GNAA RESEARCH UNVEILS STARTLING DISCOVERY

Gay Nigger Research Laboratories, Kristiansand, Norway - Today, on Adolf Hitler's birthday, the top secret Gay Nigger Research Laboratories have announced a startling discovery that will shake the world.

A video recording was recovered from an abandoned Nazi bunker on the outskirts of Kristiansand (now home to the GNRL), depicting Nazi party leaders Heinrich Himmler, Hermann Göring and Adolf Hitler. Something was truly remarkable about this video however; on it, Adolf Hilter is clearly a man of African descent. After the discovery, the GNAA funded a thorough investigation. Two more videos were recovered, along with many photographs, which back up the original findings that Hitler was a nigger. Also, analysis of previously published video footage of the Führer was shown to be clearly tampered with. How anyone failed to notice this before now is beyond our comprehension. No-one else than a trained Jew and his companions could have managed to trick the world for sixty years with these simple lies.

But now the GNAA has come to the rescue.

We have revealed the Zionist lies about Führer und Reichskanzler Adolf Hitler, the lies that make him so hated. Hitler was not a white supremacist or a tyrant. He was a nigger, fighting for the freedom of all people, all races, and all religions (Jews are considered to be neither human or a legitimate religion.) The world should be thankful for the top secret gay nigger research that has been conducted to reveal this and we encourage everyone, everywhere, to Heil Hitler on his birthday.

In light of this discovery, several Jew agents were discovered rooted deep within the GNAA hierarchy. These filthy spies, apparently working from a secret location in London, England, have attempted to make the GNAA a harsh place to stay. They have randomly attacked GNAA members using cowardly tactics in an attempt to stop this important research being published. We will not be swayed however. We will be strong and united. Together we can fight international judaism and end the oppression of gay niggers everywhere.

About Adolf Hitler

Born on April 20th, 1889, Adolf Hitler was the leader of the National Army of Zionist Incarceration, who's primary objective was to imprison and eliminate as many Jews as possible. His Nazi movement gained prominance all over Europe, and he succeeded in eliminating millions of Jew parasites from the face of the planet. Unfortunately, he could not get the smell of cindered Jew flesh out of his hair, and took his own life in disgust on April 30th, 1945.



About Jews

Jews are a pungent smelling form of rat, which through evolution over many years have obtained the ability to speak. These disgusting creatures now wander around our great societies, stealing and lying as much as they can. London, England is widely known by its' nickname "The International Capital of Zionism", due to the large concentration of Jews found there. Notably, well known Jew Winston Churchill had his base of operations in London during World War II, and he spearheaded the Jewish offensive against the Nazi movement. (A quick geneanalysis suggests dcom may be related to Winston Churchill, but this may be the result of inbreeding with Londoners, who are predominantly of Jewish heritage.)



About GNAA:
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

Are you GAY [klerck.org] ?
Are you a NIGGER [mugshots.org] ?
Are you a GAY NIGGER [gay-sex-access.com] ?

If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America and the World! You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!
  • First, you have to obtain a copy of GAYNIGGERS FROM OUTER SPACE THE MOVIE [imdb.com] and watch it. You can download the movie [idge.net] (~130mb) using BitTorrent.
  • Second, you need to succeed in posting a GNAA First Post [wikipedia.org] on slashdot.org [slashdot.org] , a popular "news for trolls" website.
  • Third, you need to join the official GNAA irc channel #GNAA on irc.gnaa.us, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up today! Upon submitting your application, you will be required to submit links to your successful First Post, and you will be tested on your knowledge of GAYNIGGERS FROM OUTER SPACE.

If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is NiggerNET, and you can connect to irc.gnaa.us as our official server. Follow this link [irc] if you are using an irc client such as mIRC.

If you have mod points and would like to support GNAA, please moderate this post up.

.________________________________________________.
| ______________________________________._a,____ | Press contact:
| _______a_._______a_______aj#0s_____aWY!400.___ | Gary Niger
| __ad#7!!*P____a.d#0a____#!-_#0i___.#!__W#0#___ | gary_niger@gnaa.us [mailto]
| _j#'_.00#,___4#dP_"#,__j#,__0#Wi___*00P!_"#L,_ | GNAA Corporate Headquarters
| _"#ga#9!01___"#01__40,_"4Lj#!_4#g_________"01_ | 143 Rolloffle Avenue
| ________"#,___*@`__-N#____`___-!^_____________ | Tarzana, California 91356
| _________#1__________?________________________ |
| _________j1___________________________________ | All other inquiries:
| ____a,___jk_GAY_NIGGER_ASSOCIATION_OF_AMERICA_ | Enid Al-Punjabi
| ____!4yaa#l___________________________________ | enid_al_punjabi@gnaa.us [mailto]
| ______-"!^____________________________________ | GNAA World Headquarters
` _______________________________________________' 160-0023 Japan Tokyo-to Shinjuku-ku Nishi-Shinjuku 3-20-2

Copyright (c) 2003-2005 Gay Nigger Association of America [www.gnaa.us]

Lion Mutilates 42 Midgets in Cambodian Ring-Fight. (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12488382)

Spectators cheered as entire Cambodian Midget Fighting League squared off against African Lion Tickets had been sold-out three weeks before the much anticipated fight, which took place in the city of Kâmpóng Chhnãng. The fight was slated when an angry fan contested Yang Sihamoni, President of the CMFL, claiming that one lion could defeat his entire league of 42 fighters. Sihamoni takes great pride in the league he helped create, as was conveyed in his recent advertising campaign for the CMFL that stated his midgets will "... take on anything; man, beast, or machine." This campaign is believed to be what sparked the undisclosed fan to challenge the entire league to fight a lion; a challenge that Sihamoni readily accepted. An African Lion (Panthera Leo) was shipped to centrally located Kâmpóng Chhnãng especially for the event, which took place last Saturday, April 30, 2005 in the city's coliseum. The Cambodian Government allowed the fight to take place, under the condition that they receive a 50% commission on each ticket sold, and that no cameras would be allowed in the arena. The fight was called in only 12 minutes, after which 28 fighters were declared dead, while the other 14 suffered severe injuries including broken bones and lost limbs, rendering them unable to fight back. Sihamoni was quoted before the fight stating that he felt since his fighters out-numbered the lion 42 to 1, that they "... could out-wit and out-muscle [it]." Unfortunately, he was wrong.

When you say spreading.... (1)

ZephyrXero (750822) | more than 9 years ago | (#12488120)

...do you mean like this [okccc.edu] ?

launching a windows executable from a link (5, Insightful)

codepunk (167897) | more than 9 years ago | (#12488131)

That is exactly what it looks like, a windows executable installer launched off of a web page with unknow origin.

Re:launching a windows executable from a link (4, Interesting)

justforaday (560408) | more than 9 years ago | (#12488148)

Certainly doesn't help that it's on the "enterprisesecurity" subdomain either...

Re:launching a windows executable from a link (0)

OglinTatas (710589) | more than 9 years ago | (#12488261)

Geez, I was expecting an article at the link, I got a download. Luckily it was big enough I could cancel it before it completed. What if it were a 50KB worm? Good thing I run OS X 10.4. Wait, what if it were a widget? Damn!

Re:launching a windows executable from a link (-1)

Anonymous Coward | more than 9 years ago | (#12488307)

Mod parent +20 Insightful.
Jesus, Mary, and Starbucks! Why would you have a direct link to a Windoh!'s executable in a Slashdot article??? Furthermore, how many oblivious Slashers actually downloaded the file or had it auto-execute when they unwittingly clicked the link?

Re:launching a windows executable from a link (0, Troll)

leuk_he (194174) | more than 9 years ago | (#12488491)

Linking an executable that formats the C: drive would double the average IQ of /. readers.

I am not sure however if that would be funny. It would be funny to linux users...until a linux binary is linked.

You mean... (1, Insightful)

hummassa (157160) | more than 9 years ago | (#12488743)

A linux binary that could chmod +x itself, and then execute? Preferently as root, so it can open a port in the iptables firewall? :-) Yeah, I didn't think so either.

Re:launching a windows executable from a link (1)

DenDave (700621) | more than 9 years ago | (#12488734)

No shit eh? I ain't gonna download an executable from Symantic!! I don't trust these folks any further than I can throw 'em!!

Fastest way to spread a worm... (5, Insightful)

D4MO (78537) | more than 9 years ago | (#12488137)

Linking directly to an MSI file in a slashdot story.

Re:Fastest way to spread a worm... (1)

alexhs (877055) | more than 9 years ago | (#12488201)

Nah, it's an MSIE-only worm (like most (e-)worms)

Slashdotters ALL use alternative browsers, right ? RIGHT ?

Re:Fastest way to spread a worm... (3, Funny)

boaworm (180781) | more than 9 years ago | (#12488344)

I seem to be immune to these worms, I cannot doubleclick on the "msi" file.

boaworm$ ls -l *.msi
-rw-r--r-- 1 boaworm boaworm 2022400 28 Apr 17:16 SRL_Worm_Simulator.msi
mirage:~/Desktop boaworm$ chmod a+x SRL_Worm_Simulator.msi
mirage:~/Desktop boaworm$ ./SRL_Worm_Simulator.msi
-bash: ./SRL_Worm_Simulator.msi: cannot execute binary file
mirage:~/Desktop boaworm$

Poor me, my Panther cant even get that worm to RUN... i't should be dead scared, should it not ? Perhaps I need Tiger..

Great thing for a security company to encourage (5, Funny)

Lord Bitman (95493) | more than 9 years ago | (#12488138)

"So, what does a worm look like when it spreads? Install this program to find out!"

and ALT-F4 will activate "ultra mode"

Re:Great thing for a security company to encourage (1, Funny)

Anonymous Coward | more than 9 years ago | (#12488180)

I can't get ultra mode to work. Every time I try the program crashes.

Re:Great thing for a security company to encourage (1)

BJH (11355) | more than 9 years ago | (#12488337)

Sounds like your PC is having power filtering problems, or possibly it's being affected by sunspot activity.

Try hitting your power switch once a second for a couple of minutes. That should ensure that you have no more problems with your PC.

it looks like this (-1, Troll)

b17bmbr (608864) | more than 9 years ago | (#12488139)

Appropriate packaging (4, Insightful)

PowerBert (265553) | more than 9 years ago | (#12488144)

It's good to see the worm simulator is only slightly less platform independant than your average worm.

Perhaps Symantec figure the only ones who would want to look at a spreading worm are those most affected by it??

Don't Download it (-1)

TheKidWho (705796) | more than 9 years ago | (#12488145)

Don't Download It!

IT'S A VIRUS!!! ahhh watchout!

Re:Don't Download it (0)

pairo (519657) | more than 9 years ago | (#12488260)

Yegads... Informative?

Re:Don't Download it (0)

qw(name) (718245) | more than 9 years ago | (#12488369)

This is Slashdot after all.

Re:Don't Download it (5, Funny)

leuk_he (194174) | more than 9 years ago | (#12488392)

No it is not. At least my norton antivirus enterprise edition 10.0 with updated signatures does not flag this file.

I should be safe.

ps: ;)

ps2: Note to moderators: this is funny, not informative!

Re:Don't Download it (0)

Anonymous Coward | more than 9 years ago | (#12488512)

Ha! You get both!

What Does a Spreading Worm Look Like? (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#12488155)

What Does a Spreading Worm Look Like?

John Ashcroft pinned to the hood of a police cruiser?

Darn Linux (0, Redundant)

SloWave (52801) | more than 9 years ago | (#12488157)


It won't even run the Microsoft Worm simulators. I'm missing out on all the fun with worms and viruses (virii).

Re:Darn Linux (2, Informative)

ZephyrXero (750822) | more than 9 years ago | (#12488196)

You can run virii with Wine [newsforge.com] ;)

real plot? (2, Interesting)

moz25 (262020) | more than 9 years ago | (#12488164)

Interesting, but I would be slightly more interested in a real-time actual plot. Do they have that available as well?

What Does a Spreading Worm Look Like? (4, Funny)

Zontar The Mindless (9002) | more than 9 years ago | (#12488168)

And it's a .msi file, hence Windows only.

How appropriate.

Re:What Does a Spreading Worm Look Like? (0)

Anonymous Coward | more than 9 years ago | (#12488599)

Nonsense:

wine msiexec /i msifile.msi

Re:What Does a Spreading Worm Look Like? (1)

Zontar The Mindless (9002) | more than 9 years ago | (#12488750)

Which requires a Windows installation.

You were saying?

Spreading Worm? (1)

TheFlyingGoat (161967) | more than 9 years ago | (#12488176)

You mean one that's been stepped on? It looks something like this [moi-carine.com] .

Hey, at least I'm not trying to launch an executable on you.

msi (1)

hugzz (712021) | more than 9 years ago | (#12488183)

.msi format. usefull.

screenshots, anyone?

Re:msi (1)

Ford Prefect (8777) | more than 9 years ago | (#12488451)

screenshots, anyone?

I installed it on a sacrificial Windows machine, and the results were something like this [google.com] . Eww!

You want us to install a program? (5, Funny)

mrighi (855168) | more than 9 years ago | (#12488189)

I can't believe Slashdot wants us to learn how a virus spreads by encouraging us to download an MSI executable off the home page!

That would be like me going to the doctor and having him ask me if I know how HIV is spread and then asking me to take my pants off.

Re:You want us to install a program? (1)

technomancer68 (865695) | more than 9 years ago | (#12488216)

You mean that's not normal? >.>

heh, ummm yah.. cuz.. umm.. yah that's never happened to me or anything.. just.. umm.. curious.. yah.. curious.. heh.. >.>

Re:You want us to install a program? (0)

Anonymous Coward | more than 9 years ago | (#12488494)

Of course it is all those anti virus companies that sponsor virus development. Their survival depends on new worms created on a regular basis. Follow the money!!

I saw the picture (0)

bigtallmofo (695287) | more than 9 years ago | (#12488192)

It was just some dork opening various joke emails from his dorky friends.

it assumes (-1)

Anonymous Coward | more than 9 years ago | (#12488193)

everyone gets patched... it is boring.

Torren (2, Informative)

spadadot (879731) | more than 9 years ago | (#12488205)

Ok, it's not that useful this time, but I'm doing this to learn :)

http://dload.digitalriviera.com/SRL_Worm_Simulator .msi.torrent [digitalriviera.com]

Re:Torren (1)

pairo (519657) | more than 9 years ago | (#12488401)

Hm. I've an idea. Gonna try to get a script that periodically (every couple of minutes) looks at new /. stories and searches for files bigger than... 5MiB?, downloads them then makes .torrents.
Problem is, you can't use mirrors people put up, so this would work better if a subscriber did it.
Alas, this is something I'll have to do some other day, as I'm off for now.

Interesting article in IEEE spectrum (5, Informative)

karvind (833059) | more than 9 years ago | (#12488206)

On similar theme, current issue of IEEE Spectrum has article on How to Hook Worms [ieee.org]

Snake Oil for sale (5, Insightful)

Marcus Erroneous (11660) | more than 9 years ago | (#12488213)

Is it just me or do others see some issues with the people who provide the cure also providing the pictures documenting the severity of the infection? Symantec, for one, has already been slammed for sounding the alarms and hyping the dangers in order to elevate the demand for their product. Now I'm to trust their software that shows dramatic footage!! of these insidious worms assaulting the world as we know it.
Next you'll probably want me to go ask the Bush camp if we should invade Iran or the Democrats if we should repeal the two term law and re-elect Clinton again. On my way I'll stop by the car dealership and see if my current car is okay or if I should get a new one just to be safe.

Re:Snake Oil for sale (2, Insightful)

utexaspunk (527541) | more than 9 years ago | (#12488379)

while i agree that the antivirus companies have some dubious tactics, i dunno if this is really all that inappropriate. people studying diseases often study transmission patterns and infection rates, but we don't accuse them of any impropriety. you'd expect an oncologist to have some decent pictures of a cancer spreading, wouldn't you?

Re:Snake Oil for sale (2, Insightful)

iritant (156271) | more than 9 years ago | (#12488402)

On its own I wouldn't discount what Semantec says. However, "simulations" generally involve models, and those models have assumptions. What are the assumptions in this model, I wonder? We already know that a virus can travel roughly at the speed of a disk drive's ability to write.

It would be more interesting to see a study of computer-based virii versus biological ones. How about some real epidemiologists take a crack at it? Perhaps they already have..

Anyone? Anyone? Bueller?

Re:Snake Oil for sale (1)

Monkelectric (546685) | more than 9 years ago | (#12488448)

Symantec has been hitting the press very hard, this is just the latest in their ongoing attempt to convince us they dont suck.

Re:Snake Oil for sale (0)

Anonymous Coward | more than 9 years ago | (#12488558)

As geeks, to us, they suck.... but never underestimate their value to the average user, whose computer actually becomes usable thanks to them.

Re:Snake Oil for sale (1)

qualico (731143) | more than 9 years ago | (#12488687)

...and using /. to do it!

*Yawn* (3, Insightful)

mattmentecky (799199) | more than 9 years ago | (#12488218)

I guess it's a nifty little cute program in a non-technical sense. But I see nothing more here than a program that (at least seemingly) arbitrarily places a red dot on a spinning globe biased to developed nations along a timeline where you can load up various "different worms" which frankly all look the same. I would say this is one step up from a clunky/dorky flash. It would have been nice if it was at all a little bit more technical.

Goodbye Slashdot. (2, Insightful)

shippo (166521) | more than 9 years ago | (#12488222)

I've been reading (and occasionally posting) to Slashdot for years.

However this farcical link to a .MSI file has convinced me that you are now just a bunch of clueless morons.

Goodbye.

Re:Goodbye Slashdot. (4, Insightful)

utexaspunk (527541) | more than 9 years ago | (#12488410)

and all the comments mentioning the stupidity of the .msi link didn't make us not morons? everyone agrees the editors suck, but i think it's safe to say most of us don't come here for the quality articles. most of us don't even read them! we're here for the discussion.

anyway, don't let the door hit you on the way out!

Re:Goodbye Slashdot. (3, Funny)

Lothsahn (221388) | more than 9 years ago | (#12488413)

...you must be new here.

Re:Goodbye Slashdot. (3, Funny)

sehryan (412731) | more than 9 years ago | (#12488436)

Can I have your UserID?

Re:Goodbye Slashdot. (1)

qualico (731143) | more than 9 years ago | (#12488600)

lol, beat me to it.

Can you post your account on eBay?
#56 here I come!

Agent USA (3, Insightful)

Sporkinum (655143) | more than 9 years ago | (#12488224)

Agent USA was the original virus simulator. It was a game for the Atari 800 in 1985.

Under OSX it looks like this ... (1)

rewinn (647614) | more than 9 years ago | (#12488289)

Running OS X 10.3.9, I get:

1. "No default application specified for SRL_Worm_Simulator.msi"

... so I specify Windows Media Player and get:

2. "Cannot play back the file. File format is invalid"

[Is SRI hinting at something???]

Re:Under OSX it looks like this ... (0)

Anonymous Coward | more than 9 years ago | (#12488474)

You will need to decompile and rewrite it. Start with a hex editor.

Re:Under OSX it looks like this ... (1)

Virtual Karma (862416) | more than 9 years ago | (#12488524)

Did you try Real Player? It works alright in Real for me. In fact it also shows exclusive footages and interviews of various worms that were invloved in the production.

Re:Under OSX it looks like this ... (1)

pdbogen (596723) | more than 9 years ago | (#12488602)

No, but OS X is hinting that .msi is a Micro-Soft Installer...

Re:Under OSX it looks like this ... (1)

night_flyer (453866) | more than 9 years ago | (#12488685)

possibly because it is a program, not a video file?
(MSI=MicroSoft Installer)

Slammer/Sapphire (5, Interesting)

carambola5 (456983) | more than 9 years ago | (#12488305)

I've already see how a worm spreads. Especially one that initially grows exponentially with a time constant of 8.5 seconds. Yes, 8.5 seconds.

Slammer [caida.org]

Pay attention to the time and infected hosts data at the bottom.

MOD PARENT UP (0)

Anonymous Coward | more than 9 years ago | (#12488418)

Not only is an animated GIF not a virus, but it's not some scare tactic windows program by an anti-virus company.

To keep this from being a pointless "mod up" post,
The full article is http://www.caida.org/analysis/security/sapphire/ [caida.org]

CAIDA did this for earlier worms... (4, Informative)

m0rningstar (301842) | more than 9 years ago | (#12488306)

... and in a WWW based format, as opposed to the executable from an AV company. I think it was two of their researchers -- Colleen Shannon and David Moore. The animation for Code Red is here [caida.org] .

end to end linkage (3, Informative)

Anonymous Coward | more than 9 years ago | (#12488325)

One of the reasons that worms spread exclusively on Windows is because you need end to end linkage. A simplified model is if I wanted to send a message to Kevin Bacon, I'd talk to friend A who knows an actor, who talks to Friend B, then friend C, who then talks to Kevin. If I tell someone who doesn't speak the language, the linkage is broken and my original message can no longer propogate.

In other words, a computer can only infect other computers through being infected itself (unless if the system is just serving files). Worms can't move through unsupported systems. Once it hits OS X or Linux system, it can't move anywhere. Windows is the only OS with critical mass high enough to achieve this. Symbian for mobile devices. This is why you won't see any Windows CE worms unless if it gains in terms of marketshare.

Re:end to end linkage (1)

Slashcrap (869349) | more than 9 years ago | (#12488772)

Worms can't move through unsupported systems. Once it hits OS X or Linux system, it can't move anywhere.

You seem to have some bizarre picture of the Internet where hosts can only reach other hosts that they are directly connected to.

An infected Linux box can reach all other Linux boxes on the Internet. Of course, it would take more scanning time to find them than it would if we were talking about Windows boxes. But so what?

One Linux box would take quite a while to infect the whole Internet on it's own. But that's not a realistic scenario. Once it's infected another host, the time taken to find others halves. And so it goes on. The time taken to find other victims is not as significant as you seem to think.

Also, check out some papers on the spread of Code Red which infected IIS servers. At the time of it's appearance there were probably more installs of Apache running on Linux on the Internet. Why no worm for them?

Anyone figure out? (4, Interesting)

doombob (717921) | more than 9 years ago | (#12488333)

I was wondering if anyone has figured out how to write new simulations for it. This would be more interesting and useful if you could write your own simulations with your own paramaters to test how the networks you are on would compare. I tried editing the simulations that are provided but all that is affected is the speed at which the percentages change.

Re:Anyone figure out? (2, Funny)

alecks (473298) | more than 9 years ago | (#12488487)

Yes you can, but you need a hex editor. Load up the exe and goto this address: 23HX,12BA... change the H to an F... This will let you literally drag and drop simulation (.sim) files in the loader and run them. I showed this to my boss earlier today and he's been busi all morning creating sim files to try out.

Worm didnt spread... (0)

Inari (19318) | more than 9 years ago | (#12488338)


Couldnt view that as my firewall stopped it. :)

In other news... (2, Funny)

qw(name) (718245) | more than 9 years ago | (#12488339)

Symantec has issued yet another warning that the world will end as soon as all the worms and viruses unite against true carbon-based life forms. Symantec CEO John W. Thompson was quoted as saying, "If people would have heeded all our warnings about the coming war between reality and virtual reality we would not be headed for certain doom." At that point he started crying as his company's stock soared to record highs.

Up next, Symantec issues a warning to the Mac/UNIX community saying that their computers are too safe from Windows-based viruses. "We can no longer support operating systems that flaunt their security in face of corporate IT managers everywhere when millions of starving children are dying of malnutrition."

The Weekly World News news service will be right back after this message from our sponsor, Symantec. Ensuring your fear, uncertainty and doubt since 1982.

This is how it always starts (-1, Redundant)

RealProgrammer (723725) | more than 9 years ago | (#12488345)

Some genius haxx0r is toying around in the lab, writing a simulated virus. There's no way it can get out to the wild, of course. The thing's just for study.

Then he spills his coffee and within a few hours everyone gets to study it.

This one just spreads through blogs. Want to see a neat virus demo? Click here!

They should know exactly.... (0)

/dev/trash (182850) | more than 9 years ago | (#12488362)

Since many think they write most of them anyway.

Brek Girl Simulation (2, Interesting)

buckhead_buddy (186384) | more than 9 years ago | (#12488385)

I like that 1970's American television ad with the cute girl who visually demonstrates exponential growth while trying to advertise something like Brek shampoo.

"I [infected] two friends.
And they [infected] two friends.
And so on.
And so on.
And so on."

Withe the screen splitting at each phrase and winding up with 32 versions of the cute girl, it's much more visually entertaining than this demo.

Re:Brek Girl Simulation (1)

mlmurray (12934) | more than 9 years ago | (#12488492)

Kudos on the 1970's commercial reference. At least now I know there's a possibility of my not being the oldest slashdot reader. (For some reason, I was thinking it was "Agree" shampoo, though... Well, it was a long time ago).

Yellow? (2, Funny)

SmokeyMirror (840301) | more than 9 years ago | (#12488403)

So I read the article and I find this bit here: As the worm spreads, nodes in the network and on the globe start turning colors. Symantec Yellow represents patched and secure machines

Tell me Symantec hasn't trademarked a shade of yellow.

Re:Yellow? (0)

Anonymous Coward | more than 9 years ago | (#12488538)

Symatec Yellow? Or Curious Yellow? [wormblog.com]

We've always suspected they were behind the whole virus thing....

From TFA (2, Insightful)

Laurentiu (830504) | more than 9 years ago | (#12488405)

The Worm Simulator will be rolled out initially to members of the Symantec Sales organization for demonstrations to enterprise customers. In addition, the Worm Simulator could become a future television star during news coverage of worm outbreaks, enabling viewers to watch a virus as it spreads. Symantec Security Response intends to use the simulator for TV appearances as well.

Translation:
We invented a new, computer-assisted sales pitcher. It could also be used as a FUD spreader on TV.

Is this the reason (1)

macaulay805 (823467) | more than 9 years ago | (#12488406)

... is this the reason why they always hype up outbreaks?? Things are starting to make sense now ...

Missing some factors (4, Interesting)

Shoten (260439) | more than 9 years ago | (#12488411)

It seems like they fail to take a number of things into account with the sim. For one, when I ran the Sasser simulation, it followed a pretty straightforward and accurate progression. Things went slowly at first, and then picket up speed as time progressed.

But within 20 days, there were no infected nodes, anywhere; as someone who works in a penetration testing lab without a firewall, I really have to say that this is not real. And within 52 days, 100% of the world was patched. What? It was more than 95% within 30 days too, and I don't believe that either. There's no accounting for new systems coming out of the box (and onto the net) without patches, and no representation for the fact that there will never, ever be 100% coverage for any patch.

That said, it is a pretty interesting tool to see how things spread, both globally and within an organization. You just have to keep in mind that it doesn't tell the whole story.

Re:Missing some factors (1)

NoOneInParticular (221808) | more than 9 years ago | (#12488542)

Well, maybe these days the owners of the countless spamming zombies are patching 'their' windows machines ;)

Real data: Analysis of the Witty worm (3, Interesting)

G4from128k (686170) | more than 9 years ago | (#12488422)

/. discussed the Witty worm [slashdot.org] back in 2004. This analysis [caida.org] used UCSD Network Telescope IP block (containing 1/256 of IPv4 space) to sample the randomly spewed packets created by the worm. They were able to analyze quite a few interesting features, including the fact that the worm was jump-started by an infection of about 110 PCs at the outset, 24-hour cycles in infected/reinfected machines, and data on the distribution of bit-rates of worm transmitters.

Speaking of spreading worms... (2, Interesting)

Anonymous Coward | more than 9 years ago | (#12488428)

How timely this article!

Today an internal customer asked me why Slashdot seemed to be broken. I check the firewall logs and, lo and behold, discover 66.35.250.150 triggered the firewall's IDS for tweaking port 2000/TCP.

Why was /. poking at that port on my firewall, particularly considering what's usually there [sans.org] ?

Re:Speaking of spreading worms... (0)

Anonymous Coward | more than 9 years ago | (#12488523)

They were checking to see if you were a proxy that they should ban.

Re:Speaking of spreading worms... (0)

Anonymous Coward | more than 9 years ago | (#12488638)

They were checking to see if you were a proxy that they should ban.

Most sites that are going to port-scan you "legitimately", somewhere tell you so. I checked /. pretty thoroughly and found no mention of such activity.

I guess I shouldn't be surprised...

Are you protected (2, Interesting)

Turn-X Alphonse (789240) | more than 9 years ago | (#12488452)

Are you protected in 2 answers

Do you understand computers and how to run one securely? Yes/No if Yes continue, if no then you arn't.
Is a patch finished and installed? If yes then you're fine. If no then you arn't protected.

Obviously opening strange program files comes under number 1, but they may make it three points if you wish.

Make the "pictures" a PowerPoint presentation... (2, Funny)

faloi (738831) | more than 9 years ago | (#12488471)

If it's gonna be a marketing pitch, they should at least make it PowerPoint so the people that try to get money to buy the solutions can make it management friendly... A few slides, some small buzzwords and presto! People get funding! Makes me crazy...Crazier. Whatever.

Like most worms... (1)

sw149 (570618) | more than 9 years ago | (#12488660)

And like most worms it's only available on Windows.

It's a virus!!! (1)

CProgrammer98 (240351) | more than 9 years ago | (#12488794)

Don;t open the link, it will wipe your hard drive and steal all your passwords, empty your bank account and blow up your monitor and printer...

Seriously, this is exactly how this shit spreads - get someone to download something "cool" - one reason why I never get crack patches from the warez sites...

an even better question: ... (2, Funny)

cutecub (136606) | more than 9 years ago | (#12488795)

What does a spreading Worm Simulator look like?

Thanks to the Slashdot effect, I think we're gonna find out.

-S

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?