2 min read

The ABCs Of Writing A Worm

Security experts pan magazine's decision to publish Slammer source code
Another taboo was broken this month when a consumer magazine published the complete source code to the SQL Slammer worm.

Some security experts say the decision to publish the code amounts to an algorithm on how to wreak havoc on IT systems worldwide. The Slammer worm struck the Internet on Jan. 25 and cost an estimated $1 billion in damage and cleanup.

"We believe in security, not obscurity," says Blaise Zerega, managing editor of Wired, which published the code in its current issue. "And that means you shine a light upon the vulnerabilities and risks."

The article also details how five blocks of code enable the worm to infect at-risk applications, choose the next app to infect, and then move itself onto the next victim. "There are lots of ways for people to get this [source code], but to add to it and say that it won't do harm is silly," says Pete Lindstrom, research director at security market research firm Spire Security.

Wired's move follows news from the University of Calgary that it will offer a course that will include having students write viruses. "The ludicrous thing is Wired is thinking like the University of Calgary in that they will help fix the problem by demonstrating how malicious software works," says Russ Cooper, surgeon general for security firm TruSecure Corp. "You don't need to know that to stop viruses or buffer-overflows."