Ness Shroff, Ohio Eminent Scholar in Networking and Communications at Ohio State University, and his colleagues describe their strategy in the current issue of IEEE Transactions on Dependable and Secure Computing.
They discovered how to contain the most virulent kind of worm: the kind that scans the Internet randomly, looking for vulnerable hosts to infect. "These worms spread very quickly," Shroff said. "They flood the Net with junk traffic, and at their most benign, they overload computer networks and shut them down."
Code Red was a random scanning worm, and it caused .6 billion in lost productivity to businesses worldwide in 2001. Even worse, Shroff said, the worm blocked network traffic to important physical facilities such as subway stations and 911 call centers.
"Code Red infected more than 350,000 machines in less than 14 hours. We wanted to find a way to catch infections in their earliest stages, before they get that far," Shroff said.
The key, they found, is for software to monitor the number of scans that machines on a network send out. When a machine starts sending out too many scans -- a sign that it has been infected -- administrators should take it offline and check it for viruses.
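The monitoring idea described above can be sketched as follows. This is an added example, not code from the researchers: it assumes a "scan" is a connection attempt to a destination the host has not yet contacted in the current monitoring window, and the threshold, window length, and flow records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of outbound connection records:
# (timestamp in seconds, source host, destination address)
SAMPLE_FLOWS = (
    # Ordinary host: 30 connections, but only to 3 distinct peers.
    [(t, "10.0.0.5", f"198.51.100.{t % 3}") for t in range(30)]
    # Suspect host: contacts a new address on every connection.
    + [(t, "10.0.0.9", f"203.0.113.{t}") for t in range(40)]
)


def find_scanners(flows, max_scans, window_s):
    """Return {host: timestamp at which it crossed the limit}.

    A host is flagged when it contacts more than max_scans distinct
    destinations inside one monitoring window of window_s seconds.
    Both parameters are assumptions chosen by the administrator.
    """
    seen = defaultdict(set)  # (host, window index) -> destinations contacted
    flagged = {}
    for ts, src, dst in sorted(flows):
        if src in flagged:
            continue  # host is already marked for removal from the network
        key = (src, ts // window_s)
        seen[key].add(dst)
        if len(seen[key]) > max_scans:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    for host, ts in find_scanners(SAMPLE_FLOWS, max_scans=10, window_s=60).items():
        print(f"{host} exceeded the scan limit at t={ts}s: take offline and inspect")
```

Counting distinct destinations rather than raw connections keeps a busy host that talks repeatedly to the same few peers from being flagged.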
Always remember that we must apply research information in our activities for us to enjoy science. - Nena E. Mallari