Abstract
Super-worms constitute the most advanced and dangerous threat for networks and the whole Internet. Their goal is to infect the significant majority of Internet hosts in the minimum possible time, by using advanced techniques to partition the Internet address space and to coordinate the infection process. In this paper, we present Pulse, a new class of superworms, which target network systems and specifically routers, in contrast to conventional worms and superworms which target network hosts. Pulse super-worms can be very effective and efficient, because they exploit one significant Internet vulnerability: the assumption of Internet?s development model that all routers are trustworthy and can coordinate to defend against attacks from external enemies, who have been considered the only enemies traditionally. Pulse super-worms infect routers, thus creating internal enemies undefeatable using the existing security model. As we demonstrate, Pulse super-worms are more efficient than alternatives in infecting network systems and utilize available information for self-organizing their infection policy. Furthermore, we demonstrate through speci.c attack scenarios, that Pulse super-worms can be extremely effective for a wide range of attacks, especially in information warfare. Finally, we describe countermeasures which are necessary for a successful defense against Pulse super-worms.