Another interesting trait of Slammer was that it was a memory-only program, unlike most malware that writes itself to files, folders, and registry keys, a method that can guarantee it lives through a reboot. However, this sort of modification makes it easier to find by host intrusion detection systems. Compare this to flipping a few thousand bytes in memory (Slammer was less than 500 bytes in size), which tends to fly below the radar.
To qualify as uber-malware, it would need to be cross-platform, infecting all popular operating systems and computer sizes, from data center servers to smartphones. It would infect Windows, OS X, BSD, and Linux at a bare minimum, but it could add Solaris, Unix, Android, iOS, and other OSes for complete world domination.
This superbug would probably be ransomware, encrypting everyone's data; if the malware is removed, the data is lost forever. Such ransomware already exists, and it's scary when the decryption key cannot be cracked. I've had to reinfect systems with ransomware just to access the data it was encrypting; only then could it be removed permanently.
A scary malware program would use large keys from proven crypto (say, AES-256) and store those keys at the originator's lair. That way, you must go through the creator if you want to decrypt the data. Or maybe the malware program does the exact opposite. Instead of encrypting your data, it sends it all out onto the Internet where anyone can access it. I'm not sure which scenario is worse.
A ticking time bomb
Low and slow, a superbug would infect as many computers as it could. It would slip into the source code of a popular software title (which already happens on a fairly regular basis). Everyone installs the product, and the malware sits dormant for months, with users blissfully unaware of the ticking time bomb on their hard disk.
Then, at some predetermined date and time ... boom! Every possible computer -- think hundreds of millions of consoles -- goes down at the same time. Instead of resembling Slammer, which lacked a payload, the superworm would go off with devastating consequences.
Your home computer is down. The Internet is down. Your cellphone is down. The stock market is down. The television networks, the newpapers, your company, aviation, the military -- they're all down.
The worst case
But isn't such an extreme scenario highly unlikely? Not at all. Every malware expert knows this sort of thing could happen. Everything's connected to the Internet now, using the same protocols and defenses. Most people run the same programs. There's a Vegas betting chance it will happen.
The way I see it playing out is that a puckish, overzealous programmer creates a malware program. He or she sends out a draft creation hoping to create a little mischief, but it takes over the world instead. It happened with the Robert Morris Internet worm of 1988. It happened with Slammer.
This is the type of malware that scares me: Not the targeted likes of Stuxnet or Flame, but an app that attacks the general public, and instead of doing nothing, it does everything. In 10 minutes, every computer it hit could be permanently disabled. Game over.
In my humble opinion, it's only a matter of time. Maybe then we'll start taking security seriously.
This story, "Doomsday malware: Only a matter of time," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.