The Future of Internet Worms

Presented at the Blackhat Briefings, July, 2001, Las Vegas

Jose Nazario

July 20, 2001

ABSTRACT: Network worms, simple slang terminology for automated intrusion agents, represent a persistent threat to a growing Internet in an increasingly networked world. However, their evolution has been somewhat limited, and they still rely on the same basic paradigms, which contain fundamental flaws. We analyze the basic components of a worm and apply this analysis to three worms found in the wild on the Internet. We then proceed to analyze the limiting factors of existing worm paradigms and outline new ideas which we expect to become prevalent. These new worms will prove to be more difficult to identify and eradicate. It is our intention in sharing this knowledge to stimulate the development of strategies to detect and counteract the threat of smarter network worms.

[full text - PDF (Acrobat)]

[Hi-res - Powerpoint]