Austad, Jay wrote:
> I was thinking about this the other day. The most efficient way to make this work would be to spread using some vulnerability (like the Microsoft DCOM vulnerability released last week), and then at a predetermined time, start DoS'ing routers in the IP space of major providers, and then work your way towards the "edges." You can pretty much safely assume that most of your infected machines are going to basically be on the edges of the internet, so if you start with major providers, you won't kill all of your connectivity. Even more destructive would be p2p built into it, so all of the infected hosts could coordinate before the attack on what networks each one would handle.
Imagine generalizing that to phases: build a virus that uses several different modes of propagation to different platforms, virulent but not too violent (i.e. not like SQL Slammer), then phase it to DoS various services, including the routers. You might come in one morning to find your entire network infested with a multi-phasic virus which has destroyed whatever it could, DDoS'd everything it couldn't, and big chunks of your network are dead. On multiple platforms simultaneously. You're in a mode where everything has to be unplugged and scrubbed before reconnecting. Ugh. SQL Slammer was inadvertently almost there. We're not an SQL shop, but a few machines here and there had it enabled for one reason or another. The propagation flood itself was so violent it took out non-Windows services.