The Price of Worms

How damaging are worms?

Very, says Sandvine Inc, a Canada-based Internet security company. It says that the main damage falls on ISPs, which lose bandwidth to worms and face daily denial-of-service attacks. “In fact,” Sandvine says in one new report (PDF, registration required), “Internet worms and the malicious, malformed data traffic they generate are wreaking havoc on European service provider networks of all sizes, degrading the broadband experience for residential subscribers and imposing hundreds of millions in unplanned hard costs directly related to thwarting attacks.”

Worms, Sandvine says, consume “massive amounts of bandwidth as they replicate. And depending on the number of vulnerable hosts in a given network environment, a worm can create hundreds of thousands of copies of itself in a matter of hours.” The company’s research shows that between 2 and 12% of all Internet traffic is malicious. Even on a well-run ISP network, that figure is about 5%. And if that doesn’t sound like very much, consider the warped effect worms have on processor power, when they propagate and probe for weak spots.

All this means that residential subscribers are going to feel the hurt, partly because it’s their Internet connections that are being targeted by worms, and partly because their connections are going to slow down with all this extra traffic, Sandvine warns. Then of course there are infections: The dirty secret of worm infections is that if you’ve got one, the only sure way to get rid of it is to reinstall everything.

For now, ISPs keep quiet about these things; they don’t want to scare off subscribers, and they don’t want the bad guys to get any fresh ideas about their vulnerabilities. But it seems to me that worms and bots are a topic that needs to be researched, reported and resolved more than it is.


The Trojan Spammer: You

You, my friend, may be the problem.

Further to my earlier posting about worms, here’s another piece from Sandvine (actually today, I think: This was the one I was looking for originally. So far it’s not on their website): It looks at how spam trojans — the bits dropped on board a PC by the worms mentioned earlier — are causing huge headaches, since they are turning home computers into the infrastructure through which most spam is sent. That means you. “Spam trojans,” Sandvine says, “are likely responsible for up to 80% of all spam.” I’ve heard even higher figures.

Sandvine goes on: “What used to be merely a nuisance is becoming a major headache for service providers of all sizes. Contrary to the seedy stereotype of lone spammers looking to ‘get rich quick,’ feverishly toiling away in dark basements, the vast majority of spam now emanates from home computers infected with spam trojans.” Well yes, but that’s somewhat misleading: In fact there still are sleazy lone spammers out there, it’s just that they send their stuff via home PCs these days, rather than PCs in their basement. They’re still feverishly toiling: It’s just they’ve found a way to shave a good deal off their hardware costs.

But I think they’re right when they say this: “In fact, many of the most well-publicized worm attacks in recent months were launched expressly to install spam trojans on unsuspecting end users’ machines — waiting to be utilized at a later date as a spam delivery relay.” I find it surprising this kind of thing is not spelt out more clearly: You’d be hard pressed to find this included in a description of a worm on an anti-virus site. Why is that?