
Doomsday malware: It's only a matter of time

Roger A. Grimes | Aug. 29, 2012
The most destructive malware hasn't made it into the wild yet -- and when it does, it'll put today's 'supermalware' to shame

Low-profile mayhem
A more dreaded worm would be one that infected low and slow. The slowness isn't that important, but the low attribute implies that the beast can infect as many victims as possible without incurring immediate responses from admins. The perfect malware program would go about doing its dirty work, hitting more hosts, possibly getting backed up along with normal data so that even all the saved backups were compromised.

Another interesting trait of Slammer was that it was a memory-only program, unlike most malware that writes itself to files, folders, and registry keys, a method that can guarantee it lives through a reboot. However, this sort of modification makes it easier to find by host intrusion detection systems. Compare this to flipping a few thousand bytes in memory (Slammer was less than 500 bytes in size), which tends to fly below the radar.

To qualify as uber-malware, it would need to be cross-platform, infecting all popular operating systems and computer sizes, from data center servers to smartphones. It would infect Windows, OS X, BSD, and Linux at a bare minimum, but it could add Solaris, Unix, Android, iOS, and other OSes for complete world domination.

This superbug would probably be ransomware, encrypting everyone's data; if the malware is removed, the data is lost forever. Such ransomware already exists, and it's scary when the decryption key cannot be cracked. I've had to reinfect systems with ransomware just to access the data it was encrypting; only then could it be removed permanently.

A scary malware program would use large keys from proven crypto (say, AES-256) and store those keys at the originator's lair. That way, you must go through the creator if you want to decrypt the data. Or maybe the malware program does the exact opposite. Instead of encrypting your data, it sends it all out onto the Internet where anyone can access it. I'm not sure which scenario is worse.

A ticking time bomb
Low and slow, a superbug would infect as many computers as it could. It would slip into the source code of a popular software title (which already happens on a fairly regular basis). Everyone installs the product, and the malware sits dormant for months, with users blissfully unaware of the ticking time bomb on their hard disk.

Then, at some predetermined date and time ... boom! Every possible computer -- think hundreds of millions of consoles -- goes down at the same time. Instead of resembling Slammer, which lacked a payload, the superworm would go off with devastating consequences.

Your home computer is down. The Internet is down. Your cellphone is down. The stock market is down. The television networks, the newspapers, your company, aviation, the military -- they're all down.
