Threat Analysis of Incubation Period in Malware Epidemics
Epidemic malicious code, including Internet worms and botnets, has continuously evolved to become more intelligent and complicated. In particular, the recent Distributed Denial-of-Service (DDoS) attack that occurred in the United States and South Korea in July 2009 gives an opportunity to reconsider epidemic malicious code. Since automatic patching systems and intelligent intrusion detection and prevention systems mitigate rapid infection, fast infections such as Slammer-like worms cannot spread successfully. As of the July 2009 DDoS attack, malicious code prefers to hide its malicious activities and to infect others silently until D-day. Since slow infection is difficult for current IDS or IPS to detect, this infection strategy is likely to become prevalent.