At the height of the barrage, the AnnaKournikova virus--which took the pernicious form of a "worm" attachment--was included in one of every 106 e-mails arriving at the gateway of MessageLabs. The email service provider saw almost 20,000 copies of the worm in a week.
"It blew up that day," said Mark Sunner, chief technology officer. "We saw a bell curve around the working hours...It sat in a critical mass of in-trays and, when people came to work, it kicked off."
Computer worms are not ordinary viruses. Their ability to spread quickly across the Internet has made worms the weapon of choice for malicious vandals to spread their latest creations. Furthermore, the programs can be easily copied and changed, and point-and-click tools to create complex worms are readily available.
In fact, of the annual 10 most widespread infections, worms accounted for half in 2000, sharing the No. 1 honors with macro viruses, according to security site SecurityPortal. And early indications in January and February suggest that worms will account for at least eight of the top 10 slots in 2001, with AnnaKournikova, Hybris and LoveLetter variants leading the list.
Though creating such programs in the past may have required some technical knowledge and, possibly, a mentor in the virus-writing underground, today anyone can download applications from the Internet to do the work for them. The VBS Worm Generator--the program responsible for creating the AnnaKournikova virus--has been downloaded more than 15,000 times from one popular site, VX Heavens, according to that site's administrator.
"These kits are very easy to use and can be found by anyone who knows how to use a search engine," said Max Vision, a security-conscious hacker who edits the security site Whitehats.
The worms created with such generators can vary from benign mass mailers that clog email gateways to vicious code that is the equivalent of the Ebola virus to computers. What differentiates these two extremes is what the author throws into the mix. Yet no matter the payload, worms deliver quickly.
"Worms...can proliferate extremely fast through a network," said Ken Dunham, senior analyst for SecurityPortal. "This is especially true when one considers the fact that the average user knows very little (about) computer technology and commonly practices unsafe computing methods, such as blindly opening any attachment within an email."
Originally coined in a 1982 paper by researchers John Shoch and Jon Hupp of the Xerox Palo Alto Research Center, the term "worm" is derived from "The Shockwave Rider," a 1972 science-fiction novel about the downfall of an Orwellian society caused, to some degree, by a "tapeworm" program that liberated data as it proliferated through networks.
Shoch and Hupp had needed a way to automate the installation of Ethernet-performance measuring tools on more than 100 computers at Xerox PARC, so they turned to a class of programs that could send and install themselves across the network. The programs installed quickly, could be updated and ran automatically.
"What we called the worm is a kind of distributed computation that is a really interesting and powerful thing," said Shoch, now a general partner at venture capital firm Alloy Ventures.
But to the pair's dismay, when their program developed a bug, the bad code automatically spread across the network as well.
"The worm would quickly load its program into (the computer); the program would start to run and promptly crash, leaving the worm incomplete--and still hungrily looking for new (computers)," Shoch and Hupp wrote in a 1982 paper on the experiments with that and other self-spreading programs.
"The embarrassing results were left for all to see: 100 dead machines scattered about the building."
The computer worm was born.
