[iwar] http://www.cs.berkeley.edu/~nweaver/warhol.html

From: Fred Cohen (fc@all.net)
Date: 2001-08-11 07:01:12



It starts:


The following is an analysis of a worst case virulence for a computer
worm, using existing mechanisms and a modified infection strategy.  Such
a "Warhol Worm" could infect every vulnerable machine in a 15 minute
time period, outpacing human defense.  It is important to understand the
possible threat, in order to develop better defenses. 

The recent outbreak of the Code Red active worm has demonstrated how
vulnerable our infrastructure is.  But the worm could have been a
thousand times worse.  It could have contained a malicious payload:
corrupting data, reflashing BIOSes, and potentially destroying machines. 
It could have included attacks for different servers, or a secondary
email component, to increase its reach. 

But although it was fast, the 12 hours it took to reach epidemic levels
still allows for an organized response.  But by simply changing the
infection pattern, it is possible for a malicious programmer to build a
"Warhol Worm", able to attack all vulnerable machines, worldwide, in 15
minutes.  A reactive, human defense would fail before such an onslaught. 
It is an important exercise to realize just how vulnerable we are. 

Read the rest at: http://www.cs.berkeley.edu/~nweaver/warhol.html

FC
--This communication is confidential to the parties it is intended to serve--
Fred Cohen		Fred Cohen & Associates.........tel/fax:925-454-0171
fc@all.net		The University of New Haven.....http://www.unhca.com/
http://all.net/		Sandia National Laboratories....tel:925-294-2087



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:39 PDT