A paper titled "How to 0wn the Internet in Your Spare Time" (to be presented early next month at the 11th Usenix Security Symposium), analyzes trends in Internet worms and predicts likely future threats (go to www.eweek.com/links to access the paper).
The paper notes, for example, that the Nimda worm used at least five infection techniques to spread very rapidly.
Techniques likely to be used in future attacks include worms armed with lists of vulnerable servers and worms that divide up address blocks to reduce duplicate scans. Using combinations of techniques, a worm could infect 300,000 servers in 15 minutes. Alternately, the paper warns of ultraslow worms that spread over months so as not to create traffic spikes.
The paper predicts that peer-to-peer software will be a major breeding ground for worms because its running on millions of machines, is homogeneous and is often poorly monitored by IT pros.