2002, computer scientist Stuart Staniford and his colleagues wrote a
paper titled ‘How to 0wn the Internet in Your Spare Time’[14] (in
hacker culture, ‘0wn’ means ‘control completely’). The team showed
that the ‘Code Red’ worm, which had spread through computers the
previous year, had actually been fairly slow. On average, each
infected server had only infected 1.8 other machines per hour. This
was still much faster than measles, one of the most contagious
human infections: in a susceptible population, a person who has
measles will infect 0.1 others per hour on average.[15] But it was still
slow enough to mean that, like a human outbreak, Code Red took a
while to really take off.
Staniford and his co-authors suggested that, with a more
streamlined, efficient worm, it would be possible to get a much faster
outbreak. Borrowing from Andy Warhol’s famous ‘fifteen minutes of
fame’ quote, they called this hypothetical creation a ‘Warhol worm’,
because it would be able to reach most of its targets within this time.
However, the idea didn’t stay hypothetical for long. The following
year, the world’s first Warhol worm surfaced when a piece of
malware called ‘Slammer’ infected over 75,000 machines.[16]
Whereas the Code Red outbreak had initially doubled in size every
37 minutes, Slammer doubled every 8.5 seconds.
Slammer had spread quickly at first, but it soon burned itself out
as it became harder to find susceptible machines. The eventual
damage was also limited. Although the sheer volume of Slammer
infections slowed down many servers, the worm wasn’t designed to
harm the machines it infected. It’s another example of how malware
can come with a range of symptoms, just like real-life infections.
Some worms are near invisible or display poems; others hold
machines to ransom or launch DDoS attacks.
As shown by the Minecraft server attacks, there can be an active
market for the most powerful worms. Such malware is commonly
sold in hidden online marketplaces, like the ‘dark net’ markets that
operate outside the familiar, visible websites we can access with
regular search engines. When security firm Kaspersky Lab
researched options available in these markets, they found people