Symantec Worm Simulator

Symantec Research Labs Creates New Worm Simulator

MAY 1, 2005 ARTICLE ID: 5479

CUPERTINO, Calif. -- When a new worm spreads around the world, people want to know if they are protected. How fast is it? How does it spread? A new simulation program developed by Symantec Research Labs not only has the answers, it also provides pictures.

The new Symantec Worm Simulator visually demonstrates how worms spread through the Internet, and how they fare against a custom network and security policy.

The Worm Simulator is a substantially updated version of the VBSim program released in 1997. VBSim was the first program to “show” the spread of a virus to Symantec customers. The new Worm Simulator takes VBSim to another level: it enables custom configuration of new worm simulations, custom networks, and protection policy, and it incorporates impressive new three-dimensional graphics.

Two simple windows are shown to the user. On the left side is a large rotating globe. This globe depicts the Internet as a whole. Small dots appear on the globe to show the infection spreading. The dots can be configured to represent the entire Internet population, or only the machines on the Internet that are vulnerable to the particular worm.

On the right side of the simulator is a window depicting an individual network, complete with desktop machines, workgroups, and larger company subnets. A simulation can have a custom network topology and security policy. For example, a simulation can specify how quickly machines are patched, whether security software is running on a particular machine, where firewalls are located, and how often users open email attachments.

To use the Worm Simulator, all users need to do is load a simulation file and click “play.” The Worm Simulator is distributed with simulations of six actual worms: MyDoom, Netsky, Sasser, Slammer, Blaster, and SoBig. Each simulation is tailored to accurately represent how the real worm spread in the wild. As the worm spreads, nodes in the network and on the globe start changing color. Symantec Yellow represents patched and secure machines, while red indicates an infected machine. The SoBig virus simulation, for instance, quickly shows one corporate network turning red, while a different company turns yellow. The yellow company has more machines that are patched or running security software, and is therefore more resistant to the worm.

As entirely new worms appear in the wild, simulations of these worms can be constructed to demonstrate the worm's characteristics to users.

The Worm Simulator will be rolled out initially to members of the Symantec Sales organization for demonstrations to enterprise customers. In addition, the Worm Simulator could become a future television star during news coverage of worm outbreaks, enabling viewers to watch a virus as it spreads. Symantec Security Response intends to use the simulator for TV appearances as well.

The simulator is accompanied by six worm simulations and by documentation on how to run it. These simulations include four networks, each with a different security policy. The networks are described in detail in the documentation.


