Warhol Worm 'could hit one million PCs'

The Code Red worm may have had its 15 minutes of fame as it failed to reappear this weekend. The worm, which was designed to propagate, lay dormant and then attack the White House website over pre-set time periods, seems to have been stopped in its tracks.

Although various reports claim that there are 250,000 to 300,000 NT servers still infected, security experts say that most vulnerable systems have now been patched. The worm has not been able to damage the White House site as the administrator simply shifted the site's IP address when it first appeared.

A statement released on Friday from the National Infrastructure Protection Center said that the threat posed by the worm "is significantly reduced".

However, in the light of Code Red and similar worms a technology researcher from Berkeley University of California has written a white paper describing how a similarly constructed super worm could be capable of one million infections in eight minutes.

The so-called Warhol Worm overcomes the problem that a worm faces of obtaining its initial 'critical mass' of infected hosts. Technically, it would be easy for someone intending to release a worm to pre-scan the internet and generate a 'hit list' of a few thousand vulnerable machines with fast network connections.

This hit list would be given to the worm and later divided up among infected machines to maximise the number of victims that could be further infected.

According to the paper's author, Nicholas C Weaver, this "divide and conquer" strategy would allow several thousand vulnerable machines to be infected in less than a minute, potentially infecting one million machines in eight minutes. "The potential mayhem is staggering," he added.

The full white paper is available here.