New scientific research claims to have found a method for early detection of the most destructive Internet worms as Kaspersky Lab gets to work on the "blackmailer" virus.
If you roll your eyes over university studies that spend thousands of dollars to announce perfectly obvious findings like, "9 out of 10 children choose Fritos over broccoli," then you'll be heartened to see that some people are doing practical research. Science Daily reports that Networking and Communications Eminent Scholar Ness Shroff and colleagues at Ohio State University believe they have found a method that automatically scans and detects when an Internet worm infects a network — within minutes. Of course, being able to narrow down infection that early could allow network administrators to quickly quarantine infected machines and keep Internet worms like Code Red and SQL Slammer from spreading catastrophically.
The worm research began at Purdue University, where Shroff was working when a doctoral student suggested making a mathematical model of early worm growth.
The key, they found, is for software to monitor the number of scans that machines on a network send out. When a machine starts sending out too many scans — a sign that it has been infected — administrators should take it offline and check it for viruses.
They settled on a magic number of 10,000 scans as the point at which monitoring software should alert administrators. The method was tested against the Code Red and SQL Slammer worms with significant success. Read more about the studies in the Science Daily report.
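To make the idea concrete, here is a small sketch of such a monitor, added for illustration and not taken from the researchers' software. It assumes a "scan" means a host's first connection attempt to a given destination address; the class name, host addresses and traffic are constructed for the demo.

```python
from collections import defaultdict
from ipaddress import ip_address

SCAN_LIMIT = 10_000  # the threshold quoted in the article


class ScanMonitor:
    """Counts scans per internal host and flags each host once at the limit."""

    def __init__(self, limit=SCAN_LIMIT):
        self.limit = limit
        self.seen = defaultdict(set)  # source -> destinations already contacted
        self.flagged = []             # hosts to take offline, in alert order

    def observe(self, src, dst):
        """Record one outbound connection attempt; return True on a new alert."""
        if src in self.flagged:
            return False
        # Assumption: only a first contact with a destination counts as a scan,
        # so repeated traffic to the same server does not inflate the count.
        self.seen[src].add(dst)
        if len(self.seen[src]) >= self.limit:
            self.flagged.append(src)
            del self.seen[src]        # free memory; the host is already flagged
            return True
        return False

    def scan_count(self, src):
        return len(self.seen.get(src, ()))


def constructed_traffic():
    """Constructed sample: one busy but normal host, one host sweeping addresses."""
    servers = int(ip_address("192.0.2.1"))
    sweep = int(ip_address("100.64.0.0"))
    for i in range(12_000):
        # Normal workstation: heavy traffic, but only to 20 distinct servers.
        yield "10.0.0.5", str(ip_address(servers + i % 20))
        # Worm-like host: every attempt goes to a new address.
        yield "10.0.0.66", str(ip_address(sweep + i))


def run_demo():
    monitor = ScanMonitor()
    alerts = [src for src, dst in constructed_traffic() if monitor.observe(src, dst)]
    return alerts, monitor.scan_count("10.0.0.5")


if __name__ == "__main__":
    print(run_demo())
```

The busy workstation generates as many connections as the sweeping host but never approaches the limit, because it keeps talking to the same handful of servers.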
Taking it to the "blackmailers"
CNET News.com reports that Kaspersky Lab is launching an assault on the Gpcode virus that infects users' computers, locks up the data, and then extorts money from victims to get the data back.
The company announced the "Stop the Gpcode Virus" initiative Monday and extended a public invitation to all cryptography experts and other researchers, saying it has sufficient information about the virus to enable experts to begin working on factoring the RSA key.