
A Doomsday Worm - The Sputnik of 2011

We had an interesting article by "Paul F Renda" in the November edition of The Hacker News Magazine. We would like to share this article with our website readers as well. You can download the November issue here.


This is a theoretical primer to bring out a discussion about whether an Internet doomsday worm can be created that is so intractable that it cannot be eradicated. This worm could also have the ability to carry multiple weaponized payloads.

Can a doomsday worm shut down the Internet? I don't think anyone could shut down the Internet but I believe a worm can definitely create access problems. An intractable type of malware agent is not an abstract concept or science fiction.

A doomsday-like virus has been plaguing the U.S. drone fleet. They keep trying to disinfect their hard drives but it keeps coming back. The Pentagon has been plagued by the worm agent.btz; they are still trying to remove it after 3 years. Some analysts think agent.btz was created by China. The drones' highly secure PCs and networks are not connected to the Internet. The infection was introduced by mobile media like zip drives and CDs. Let’s put together the best aspects of worms and biological infectious agents.

The AIDS virus has confounded medical science for a number of years. It seems to be one of the most successful viruses in modern history. From the article “Why Diseases Such As AIDS Are So Successful and So Deadly”: “Cell-to-cell transmission is a thousand times more efficient, which is why diseases such as AIDS are so successful and so deadly,” writes Mothes. “And because the retroviruses are already in cells, they are out of reach of the immune system.”

The statement “Cell-to-cell transmission is a thousand times more efficient” is the best analogy to social networking sites, which have the greatest transmission throughput.

The second line, “they are out of reach of the immune system,” has a parallel as well. If a corporation has 1,000 infected nodes, it is easy for data security to push down a solution and remove the worm. The PCs that are actually outside the immune system are almost always home PCs, iPods, Android phones, and small network PC groups.

What else can we learn from a biological model? If you walked into the middle of a crowded room and asked if anyone knew Mary Mallon or Gaetan Dugas, you’d probably get a lot of blank stares. Gaetan Dugas was the AIDS patient zero, and Mary Mallon was the infamous Typhoid Mary. They share some similarities that helped them to infect a lot of people. They appeared healthy and did not have any outward signs of any health issues. The gestation period for AIDS was more than 10 years and Dugas infected a lot of men during that time. Mary Mallon was a cook. She handled food and utensils, and at one time, she worked in a hospital. Mary was a carrier of typhoid but did not get sick. Some of these ideas could build a good model for a worm.

With the above and what I know of malware, let’s build a model:
  1. It would have to operate in the noise level of the Internet.
  2. It would have to behave as a WebCrawler or spider to stay off of the radar of malware companies.
  3. It would have to infect its hosts with minimal discomfort; that is, minimally slow them down, or make it appear as if it was not a type of malware that somebody would want to take the effort to remove.
  4. It would have to infect very slowly.
  5. It would have to be self-aware—it would have to recognize itself trying to re-infect a host.
  6. A model would have to be built for it to judge how its growth rate would have to be modulated.
  7. AIDS had a gestation of up to 10 years. A gestation time on the Internet of only one year would be an incredibly long time.
  8. The worm would have to be modular enough to take different payloads.
  9. It would have to try to infect just home PCs. Home PCs have been deluged with strange malware and bogus antivirus pop-up ads. Recently, Microsoft tried to issue a malware solution. This antimalware flagged Google Chrome as a Trojan, and actually removed Google Chrome from a number of PCs.
  10. It may also contain code to write to places on hard drives that are normally inaccessible to antimalware programs.
  11. It would have to self-morph; it would have to evolve.
  12. It would have to be able to present different signatures to antimalware.
  13. It would have to be able to target specific IP addresses.
  14. It would have to reach a certain critical mass before revealing itself.

What kind of weapon would this doomsday worm be?

Depending on its payload, it can have multiple objectives. For example, it can be a psychological, financial or political weapon. Today people are addicted to the Internet for Facebook and other social sites. People denied their daily Internet fix would be more anxious and depressed. As a political tool, it can slow down the Internet right before an election. The incumbent party will receive most of the blame. Today many people use the Internet for their financial transactions: selling stock, transferring money, and so on. Any disruption on the information superhighway, such as slowing down the Internet during financial market volatility, can have a very negative effect.

A country that gets the first doomsday worm on the Internet has won the equivalent of the space race. Having a doomsday worm can be the equivalent of the 1957 Sputnik launch.

I got the idea for a doomsday worm from a Chinese hacker website. I don’t speak Chinese, so I had to use Google Translate, and as they say sometimes things get lost in the translation.
