Speaking at the Defcon security conference in Las Vegas last week, Jonathan Wignall, chairman of independent pressure group the Data and Network Security Council, discussed the changing threat of computer worms.
Wignall noted that the Slammer worm, which exploited a software vulnerability in Microsoft's SQL Server 2000 database in February, was the fastest-spreading worm yet. Its effectiveness was mainly due to its small size (376bytes and coded in Assembler). The result was that Slammer spread across the internet within 30 minutes.
However, Wignall said Slammer was inefficient and there were plenty of improvements that could be made to produce a far more virulent attack. "The problem was Slammer kept trying to attack the same machines," he said.
He said in future users might see smarter "superworms" which would be able to communicate with each other, passing on details of machines that had already been attacked. Fortunately, superworms are beyond the technical expertise of most hackers today.
Superworms could also be used in cyberwarfare. Wignall said, "Server-controlled worms might be used to target specific countries or regions." In effect, the spread of the worm would be controlled by a set of servers on the internet.
Another form of attack he suggested was the Warhol worm, which targets a hit list of vulnerable machines. To avoid any duplication in effort, if it detects an existing copy of the worm within this list of IP addresses, it will move to another randomly chosen list of IP addresses in order to locate host computers.