What Does a Spreading Worm Look Like?
quibbs0 writes "When a new worm spreads around the world, people want to know if they are protected. How fast is it? How does it spread? A new simulation program developed by Symantec Research Labs not only has the answers, it also provides pictures."
Re:launching a windows executable from a link (Score:5, Interesting)
real plot? (Score:3, Interesting)
Slammer/Sapphire (Score:5, Interesting)
Slammer [caida.org]
Pay attention to the time and infected hosts data at the bottom.
Anyone figure out? (Score:4, Interesting)
Breck Girl Simulation (Score:3, Interesting)
"I [infected] two friends.
And they [infected] two friends.
And so on.
And so on.
And so on."
With the screen splitting at each phrase and winding up with 32 versions of the cute girl, it's much more visually entertaining than this demo.
Missing some factors (Score:5, Interesting)
But within 20 days, there were no infected nodes, anywhere; as someone who works in a penetration testing lab without a firewall, I really have to say that this is not real. And within 52 days, 100% of the world was patched. What? It was more than 95% within 30 days too, and I don't believe that either. There's no accounting for new systems coming out of the box (and onto the net) without patches, and no representation for the fact that there will never, ever be 100% coverage for any patch.
That said, it is a pretty interesting tool to see how things spread, both globally and within an organization. You just have to keep in mind that it doesn't tell the whole story.
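The two factors the comment above says the simulation leaves out (new unpatched systems coming online, and patch coverage that never reaches 100%) can be tried in a small model. This is an added example, not part of the thread and not Symantec's simulator; the daily-step compartment model and every parameter value in it are assumptions constructed for illustration.

```python
# Added illustration (not Symantec's simulator): a daily-step compartment model.
# All parameter values below are constructed for the example.

def simulate(days=365, hosts=100_000, seed=10, beta=1.5, patch_rate=0.10,
             patch_ceiling=1.0, arrivals_per_day=0.0):
    """Return [(day, infected_hosts, patched_fraction), ...].

    patch_ceiling    fraction of hosts whose owners will ever patch
    arrivals_per_day new, unpatched hosts joining the network each day
    """
    s_p = hosts * patch_ceiling - seed   # vulnerable, will be patched eventually
    i_p = float(seed)                    # infected, will be cleaned and patched
    s_n = hosts * (1 - patch_ceiling)    # vulnerable, never patched
    i_n = 0.0                            # infected, never cleaned
    patched = 0.0
    history = [(0, i_p + i_n, 0.0)]
    for day in range(1, days + 1):
        total = s_p + i_p + s_n + i_n + patched
        # Per-day chance that a vulnerable host is hit by an infected one.
        force = min(1.0, beta * (i_p + i_n) / total)
        new_p, new_n = s_p * force, s_n * force
        s_p, i_p = s_p - new_p, i_p + new_p
        s_n, i_n = s_n - new_n, i_n + new_n
        # Patching removes hosts from both patchable compartments.
        fixed_s, fixed_i = s_p * patch_rate, i_p * patch_rate
        s_p, i_p = s_p - fixed_s, i_p - fixed_i
        patched += fixed_s + fixed_i
        # Out-of-the-box systems arrive unpatched.
        s_p += arrivals_per_day * patch_ceiling
        s_n += arrivals_per_day * (1 - patch_ceiling)
        total = s_p + i_p + s_n + i_n + patched
        history.append((day, i_p + i_n, patched / total))
    return history

def first_clean_day(history):
    """First day with less than one infected host, or None if never."""
    return next((d for d, infected, _ in history if infected < 1), None)

def compare():
    """Idealized run versus one with a 95% patch ceiling and daily arrivals."""
    ideal = simulate()
    real = simulate(patch_ceiling=0.95, arrivals_per_day=50)
    return ideal, real

if __name__ == "__main__":
    for name, run in zip(("idealized", "with gaps"), compare()):
        day, infected, frac = run[-1]
        print(f"{name:10s} clean on day {first_clean_day(run)}; "
              f"day {day}: {infected:.0f} infected, {frac:.1%} patched")
```

With full patch uptake and no new hosts the infected count falls below one host and coverage approaches 100%; with a 95% ceiling and a steady trickle of unpatched arrivals the infection never clears.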
Real data: Analysis of the Witty worm (Score:4, Interesting)
Speaking of spreading worms... (Score:2, Interesting)
Today an internal customer asked me why Slashdot seemed to be broken. I check the firewall logs and, lo and behold, discover 66.35.250.150 triggered the firewall's IDS for tweaking port 2000/TCP.
Why was /. poking at that port on my firewall, particularly considering what's usually there [sans.org]?
Are you protected (Score:3, Interesting)
Do you understand computers and how to run one securely? Yes/No. If yes, continue; if no, then you aren't.
Is a patch finished and installed? If yes, then you're fine. If no, then you aren't protected.
Obviously opening strange program files comes under number 1, but they may make it three points if you wish.
Re:What a spreading worm *really* looks like. (Score:3, Interesting)
Unbiased? (Score:2, Interesting)