August 2003

Technical English: "Warhol Worm"

A recent article about the SoBig.F virus in the Economist magazine mentioned the idea of a so-called "Warhol Worm". I'd never heard this term before, so I went looking for the original use. Nicholas Weaver of UCB turns out to have coined this term to denote a worm that could infect every potential host in 15 minutes. This is of course a reference to Andy Warhol's quip that "In the future, everybody will have 15 minutes of fame".

If you read Weaver's article, though, you'll see that the important thing isn't how long a worm is famous for. Instead, he postulates (among other mechanisms) an author who quietly scans the internet for a particular vulnerability for some time, perhaps weeks or months, in order to build a list of susceptible machines. When the worm is released, these machines are used as the initial attack set. Combining a "hitlist" of 10,000 to 50,000 machines with other techniques, the result would be very fast infection of all potential machines, certainly far faster than security software vendors could possibly respond.

SoBig.F wasn't a Warhol Worm, and I don't know that we've seen one yet. The possibility that someone might use this "hitlist scanning" technique is just another reason to keep up to date with all those security patches, even for vulnerabilities for which no exploit is yet known.
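To put a number on how much response time a hitlist takes away from defenders, here is an added example (not from Weaver's article or the original post) using the textbook logistic epidemic model for a worm that probes addresses at random. The vulnerable population, scan rate and uniform IPv4 scanning are all constructed assumptions, and the model covers only the hitlist seed, not the "other techniques" mentioned above.

```python
import math

ADDRESS_SPACE = 2 ** 32  # assumption: probes land uniformly at random in IPv4 space


def contact_rate(n_vulnerable, scans_per_sec):
    """Rate at which one infected host finds vulnerable hosts early in the outbreak."""
    return scans_per_sec * n_vulnerable / ADDRESS_SPACE


def time_to_fraction(n_vulnerable, seed, scans_per_sec, fraction):
    """Closed-form logistic model: seconds until `fraction` of hosts are infected."""
    if not 0 < seed < n_vulnerable or not 0 < fraction < 1:
        raise ValueError("need 0 < seed < n_vulnerable and 0 < fraction < 1")
    if seed >= fraction * n_vulnerable:
        return 0.0
    beta = contact_rate(n_vulnerable, scans_per_sec)
    odds_target = fraction / (1 - fraction)
    odds_start = seed / (n_vulnerable - seed)
    # I/(N-I) grows as exp(beta*t), so solve for t directly.
    return math.log(odds_target / odds_start) / beta


def simulate(n_vulnerable, seed, scans_per_sec, fraction, dt=0.1):
    """Step the same model numerically as a cross-check on the closed form."""
    beta = contact_rate(n_vulnerable, scans_per_sec)
    infected, t = float(seed), 0.0
    while infected < fraction * n_vulnerable:
        infected += beta * infected * (1 - infected / n_vulnerable) * dt
        t += dt
    return t


def response_window_lost(n_vulnerable, hitlist, scans_per_sec, fraction=0.95):
    """Seconds of warning defenders lose when the outbreak starts from a hitlist."""
    single = time_to_fraction(n_vulnerable, 1, scans_per_sec, fraction)
    seeded = time_to_fraction(n_vulnerable, hitlist, scans_per_sec, fraction)
    return single - seeded


if __name__ == "__main__":
    N, RATE = 300_000, 100  # constructed values: vulnerable hosts, scans/sec/host
    for seed in (1, 10_000, 50_000):
        minutes = time_to_fraction(N, seed, RATE, 0.95) / 60
        print(f"seed={seed:>6}: {minutes:5.1f} min to 95% of vulnerable hosts")
    print(f"window lost to a 10,000-host hitlist: "
          f"{response_window_lost(N, 10_000, RATE) / 60:.1f} min")
```

The hitlist removes the slow early phase of the curve, which is the only period in which an outbreak is small enough to be noticed and answered before saturation.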


The Javafication of PHP

I do a fair amount of programming in PHP, but I've never been an uncritical fan of the language. My initial impression of it was that PHP must be the secret love child of Kernighan & Ritchie era C and Perl 4, combining as it does a pre-C++ model of object oriented programming with dynamic typing, a general attitude of "if you write it, I'll find a way to make it mean something" and a library that only the kindest could regard as other than rambling and incoherent.