Intelligent Machines

Worm Watchers

Software: Simulation tools fight new network parasites.

Most people now know the drill when it comes to thwarting a computer virus. Receive an e-mail with a vague subject line? Trash it.

If only that were enough to keep the Internet free from the wanton devastation of Code Red II and Nimda, just two of the new automated menaces (both technically worms, rather than viruses) now infecting millions of computer networks. Security experts admit such attacks can’t be prevented entirely, but they say simulation technologies now in development might at least help network operators predict how their systems will respond to invaders, so they can prepare better defenses and contain the damage.

The latest rashes of corrupting code are particularly virulent because they don’t require any social engineering (a phrase used to describe how virus makers trick people into opening tainted e-mails) and can infect networks without anybody noticing. Code Red II scans the Internet for vulnerable Web servers and creates “back doors” that allow hackers to control the servers remotely, to date causing $2 billion worth of server downtime and Internet traffic jams. Nimda spreads automatically via shared files, Web pages, e-mail and other routes. Infected computers can be cleaned, but the worms spread with such speed and in such volume that networks can grind to a halt.

This story is part of our January/February 2002 Issue

Security experts are working to remedy individual vulnerabilities, but they agree the virus makers will always be able to find new ways to intrude. “It’s no longer a question of ‘How can we keep them from coming in?’ but ‘What do we do now?’” says computer scientist David Fisher at the CERT Coordination Center, a government-funded research and development center for Internet security at Carnegie Mellon University. Fisher helped develop Easel, a software simulation tool that runs potential nightmare scenarios involving the likes of Code Red and Nimda. Using the collected data from previous attacks (how many servers were affected in what span of time, for instance), it creates reference models that computer security specialists can use to minimize damage in future attacks. They might, for example, configure a network to recognize a nascent infection and shut down affected servers before the virus can spread further.

The center recently released the beta version of Easel, and similar software is under development at companies such as McAfee and Symantec. “We can’t hope to stop them,” says Sam Curry, virus expert at McAfee, “but by knowing what might happen when they do hit, we can at least keep them contained.”
