4. Adding things up


It is easy to see where this is going. First, I want to point out that I did not invent any of the techniques described in this paper; I am only putting existing pieces together. If I had not thought of it, somebody else would have.

So, let's design our Babel virus/DoS. There are two things to think about when designing a virus: propagation and payload. The payload first, since it is the obvious part: it is a DoS tool (an existing tool, a new one, or simply the ping command sent repeatedly). Depending on the propagation strategy the attacker chooses (more on that below), he may want the payload to fire on a preset date and time, or at infection time. An attacker who wants to play really dirty and make a big name for himself will choose big, well-known commercial sites: banks, credit card companies, TV and newspaper websites, software publishers, government websites. He will probably target several of them, maybe 30, 50, 100, 1000, maybe more. Or he could let chaos rule by attacking random addresses, though I don't find this scenario very likely. And let's not forget to DoS the sites from which the cure is most likely to come: antivirus vendors, CERT and the like.

Now, propagation. There are two approaches an attacker might take, depending on the results he wants to achieve. The first: he creates some gimmicky piece of software that serves as a vessel for the payload (a Trojan horse) and relies on that software making it onto desktops because every new recipient finds it worth sharing with friends. This model has worked in the past, and the most blatant example of this kind of virus contains no code at all: the virus hoax. Word of mouth is very effective on the Internet. All he has to do is make the vessel attractive enough (why not a joke-a-day program that pulls a joke from a big text file?). With this form of propagation, the attacker will set the attack for a predetermined date and time (forget controlling the agents remotely the way Stacheldraht does: there will be too many of them, and besides, he doesn't know where to reach them). So the attacker sends an e-mail to his friends with his little "gift" attached and waits for the 2 or 3 months of dormancy to pass. If he is bright, he will cover his tracks by forging the e-mail headers to include "FW:" information, with a few extra e-mail addresses thrown in for good measure, as if the trojan came from somewhere else and he merely passed it along unknowingly. The dormancy period also helps cover his tracks (as long as he refrains from taking credit for the joke-a-day program ;-). The disadvantage of this option is that an infected computer with a wrong system date will launch its attack prematurely, potentially giving the whole attack away. The upside is that this solution is e-mail client independent.

The other way to propagate the payload is more efficient and relies more on technology than on social engineering: let's use the good old Outlook way! This is the model I will use in the next chapter for the Babel attack. The attacker crafts code that exploits the hole-du-jour in Outlook mail clients to launch automatically and mail itself to as many addresses as it can find in the address book, and then starts DoSing. In this case the attacker should make sure to send the first copy through an anonymous mail service, or else he will be tracked down as the source. This should result in the biggest DDoS attack ever performed on the Internet to this day.
