Computer Worms are Getting Smarter

Our computational server was just hit by a worm that has also affected several other machines at our university. What’s remarkable is the rate and sophistication of innovation in this field (not that it’s a good thing). The worm that hit us is called Downad.ad, a recent member of the family known as Conficker. Early versions of this worm simply gave its mysterious authors remote access to an infected machine. However, over time the worm’s main task has changed: its primary job is now to infect machines, stay hidden, and make itself difficult to eradicate. It does so by using sophisticated encryption techniques, blocking antivirus tools and software upgrades, and, most interestingly, by making deep changes to the operating system and to itself to remain obfuscated.

Once lodged in the victim’s computer, it doesn’t actually harm its host but acts as a parasite, forming a node in a gigantic virtual supercomputer that enables other nasty bits of software to be downloaded and run in a distributed fashion. Amazingly, these bits of code are themselves encrypted and distributed using a very sophisticated system. After running the downloaded code, the infected machine sleeps for some time before repeating the cycle.

I’m not a computer security expert, but it seems to me that the strategy is very clever: basically, the worm writers have decided to create a General Purpose Technology that can be used in numerous ways. Now I wish they had popped up a screen right into Stata on our infected machine and offered me some of that computing power for number crunching.