From: Eugene Leitl (eugene.leitl@lrz.uni-muenchen.de)
Date: Tue Aug 17 1999 - 19:48:39 MDT
Bryan Moss writes:
> I did think about a self-reproducing worm. With it we could do away with
> the server and let the worms report to each other. For instance, say a worm
I wasn't thinking about reporting at all (any reporting mechanisms
will be most likely eliminated by mutation before long). Feedback
could be as simple as catching a few specimens on the Net, and
dissecting them. In case of emergence of the more complex individua
one could eavesdrop on their traffic/communicate with them directly.
> has searched data spaces 1, 2, and 3, and, detecting that its host is
> on-line, starts propergating to random IPs. Its children do one of two
> things; if no worm is detected on the new IP the new worm will take root and
A worm infection could fortify the affected system against such future
attacks (e.g. by patching the constructive buffer overrun
hole). Everything within the worm should be mutable, which makes
scanning for them impossible (and prevents vaccination).
> search random data spaces (with probabilities weighted against 1, 2, and 3).
> If an existing worm is detected the new worm copies its data (i.e. "data
> spaces 1, 2, and 3, searched with no success") to the existing worm and
> terminates (or in other terms, it merges -- this could also be used to
> update the worm). I'm using random data as much as possible because it cuts
> down on data exchange and means the worms don't have to keep track of each
> other. Error correction would be through massive redundancy (the worms
> would only have an increased probability of avoiding an already searched
> space so many searches will be performed on the same space). The whole
I think cracking cryptosystems and looking for bigger primes (or
searching for aliens beaming monochromatic RF) is a remarkably
pointless enterprise. Establishing an open-ended coevolutionary arena
of individua breeding at machine code and FPGA cell level is obviously
much more rewarding (and, admittedly, dangerous).
> system of searching for primes, hiding, merging, copying, and checking for
> errors could probably be packed into a very small, very efficient program.
> You could expect to unleash it on the net and within months have a fresh new
> 10 million digit prime and a $100K cheque. Well worth the investment of
> some time and a little intellectual hardship.
> The reason I went with the novelty attachment idea is that if there were
> an unexpected bug in the program (and there's bound to be an unexpected bug
> in the program) there'd be less chance of crashing something important and
> pissing a lot of people off.
Crashes are inevitable if you breed machine code which is run outside
of virtual machine sandboxes.
> I don't think detection is much of a threat, the majority of people don't
> worry about viruses until their system crashes. Of course if someone found
They would see massive performance degradation and lots of random
crashes, especially on Wintel boxen. The worm hunt will be on bigtime.
> out what the purpose of the worm was it might make going public with the
> results a little more risky. (I'm not sure of the laws concerning viruses,
> would what I'm suggesting be illegal?)
As a popular German saying goes: "legal, illegal, scheissegal".
This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 15:04:48 MST