Most worms today that infect machines try to report back to centralized servers specified by the creator (to upload/download data). The only problem with this approach is that centralized servers can be shut down to prevent the spread of the worm and cease information gathering. Now, what would happen if worms were "smarter" and instead utilized the BitTorrent networks? With a small server client built into the worm payload and 50,000-100,000 infected machines, the author(s) (and even the worm itself) now has access to the data being harvested without the crutch of a single (or a few) predetermined access points. Do you guys think this approach will be utilized in the more advanced worms of tomorrow?
Some worms have been propogating using P2P-like methods for a while now. Check out Sinit if you're not familiar with it.
http://www.lurhq.com/sinit.html
This model will surely be recreated and improved, sooner rather than later.
Brian -- Brian Eckman Security Analyst OIT Security and Assurance University of Minnesota
"There are 10 types of people in this world. Those who understand binary and those who don't."
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
