Slammer: 'Warhol worm' was famous for 15 minutes

Will Young, Gareth Gates...eat your heart out...
Written by ZDNet Staff, Contributor

Will Young, Gareth Gates...eat your heart out...

A study has found that the Slammer worm hit almost all of its victims within 10 minutes, setting a new milestone in malware evolution. This rapidity puts Slammer into the realm of what is known as a Warhol worm, or one that could infect the entire internet in 15 minutes. SQL Slammer, also known as the Sapphire worm, infected more than 90 per cent of vulnerable computers within just 10 minutes, opening a new era of fast-spreading viruses on the internet, according to a US think tank. The findings come from the Cooperative Association for Internet Data Analysis (CAIDA), a US body largely funded by government agencies such as the National Science Foundation, and devoted to developing tools and standards for measuring internet traffic. According to a CAIDA report issued late last week, the worm doubled in size every 8.5 seconds when it first appeared, and reached the full rate at which it was scanning for vulnerable computers - a rate of more than 55 million scans per second - after about three minutes. Researchers have theorised about such worms for some time, and a paper presented at last year's Usenix Security Symposium by security experts Vern Paxson, Stuart Staniford, and Nicholas Weaver also predicted the emergence of a "flash worm", which could scan the entire Internet in a matter of seconds. Until now, however, no examples have been released into the wild. The authors of the CAIDA report, David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford and Nicholas Weaver, noted that the worm paves the way for future versions that could spread even more quickly and create more chaos. "If the worm had carried a malicious payload, had attacked a more widespread vulnerability, or had targeted a more popular service, the effects would likely have been far more severe," they wrote. Slammer's spread was two orders of magnitude faster than Code Red, which infected 359,000 computers in the summer of 2001, and doubled in size only about every 37 minutes, CAIDA said.
Editorial standards