Worms evolving into complex beasts

Computer systems are becoming more like living organisms, says an expert - and harder to keep healthy
Written by Robert Lemos, Contributor

The next generation of computer worms will be stealthier, more targeted and harder to defend against, a security expert predicted at the Black Hat Security Briefings Wednesday.

"They are adaptive; they are evolving," Jose Nazario, a researcher for computer-security group Crimelabs, said of worms, malicious, self-replicating programs that have become a favourite tool of online vandals.

Nazario, who is doing doctoral work in biochemistry at Case Western University, called today's viral code the equivalent of "primordial ooze." While malicious code -- such as the Love Bug, Hybris, Ramen and 1i0n -- has successfully spread widely, such programs are essentially less evolved than single-celled organisms.

In the future, Nazario expects more complicated and effective programs that will be used to attack specific companies and pieces of the telecommunications infrastructure.

"We have to start thinking about worms -- and networks -- in the same way that we think about living systems," he said.

In the past year, computer worms have had immense success. Once limited to occasional flare-ups of mass-mailing programs, such as Melissa and the Love Bug, today's worms don't require any user interaction, allowing them to spread automatically.

Yet, while the most recent worms -- such as Ramen, 1i0n and Sadmind -- have spread quickly, their success has made detecting them easy. "Worms, as they stand currently, are highly visible and easily blocked because of the high traffic they generate," Nazario said.

But that will change over the next 12 to 18 months, Nazario said. Worms that can be targeted to take over specific systems and report back once they succeed could be developed. Programs similar to the original concept of a worm -- called a "tapeworm" in John Brunner's 1970s science-fiction novel "The Shockwave Rider" -- that have a limited number of infected computers linked together could stealthily wend their way through the Internet.

And with the new technology, the original strength of worms -- their automated speed -- will remain, said Nazario.

"They are incredibly fast-moving, faster than you," he said. "By the time you have identified the worm, it is already widespread."

Dave Dittrich, a security engineer for the University of Washington in Seattle and an expert on responding to worm incidents, agreed that worms will evolve into a greater threat.

"If you take a biology perspective, then having a system that can be exploited is the same as having a weak immune system, and patching your system is like getting your shots before you travel," Dittrich said.

And keeping the computer immune system healthy is increasingly important as worms become more common, he said. "On the Internet, flu season is every day."

Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards