Worm: The First Digital World War

by Mark Bowden

Atlantic Monthly Press (2011), Edition: First Edition, 288 pages


This book is a cyber-crime story that explores the Conficker Computer "Worm," a potentially devastating computer virus that has baffled experts and infected as many as 12 million computers to date. It is about the next frontier in terrorism. When the Conficker computer worm was unleashed on the world in November 2008, cybersecurity experts did not know what to make of it. The worm, exploiting the security flaws in Microsoft Windows, grew at an astonishingly rapid rate, infecting millions of computers around the world within weeks. Once the worm infiltrated one system it was able to link that system with others to form a single network under illicit outside control, a situation known as a "botnet." This botnet was soon capable of overpowering any of the vital computer networks that today control banking, telephone service, energy flow, air traffic, health-care information, even the Internet itself. Was it a platform for criminal profit, or a weapon? Security experts do not know for sure what Conficker's purpose is, or even where it came from. This book reports this new frontier on terror. The author explores the battle of wits between expert programmers over the future of the Internet, a battle that has pitted those determined to exploit the Internet against those committed to protect it, and awakened the U.S. government to the urgent nature of the threat. The book delivers a look at the ongoing and largely unreported war taking place literally beneath our fingertips.

While this book was educational, it was very boooorrrinnnng. The author believed that he should explain the workings of a computer in order to describe the Conficker infection. After hearing about mano v mano and the foibles of various players, I decided that he had an axe to grind and set the "listen" to fast forward. I've read Bowden books in the past, but this one was baaaaad.

Excellent, clear description of the new tech good guys=bad guys in cyber space. Chilling.

This is an account of efforts to contain the Conficker worm in 2008-2009. I thought it would read like a thriller, but it didn’t. First of all, a significant portion of the book is filled with background material: history of the Internet, history of malware, biographical sketches of the key players in the Cabal (the group that fought Conficker). Secondly, they never stopped Conficker or really learned who was behind it. I’m not saying that it wasn’t an interesting book – just that it wasn’t a page-turner.

I did learn a lot about cybercrime from it. In particular, I didn’t realize that worms can make infected computers call for instructions from whoever sent the worm and then crash designated websites, without the computer owners’ knowledge. Or they can take control over computers belonging to a particular bank or government agency and steal money or information – or sell control over such computers to whoever is interested. I’ve heard that one can buy anything on the Internet, but I had no idea that it includes control over “fifty computers belonging to the FBI.” This way the creators of the worm can make money with much less risk of exposure, since there’ll be no direct contact between them and the infected computers after the infection occurs. Some worm-makers don’t even infect computers themselves, but just sell their malware to whoever would like to use it. I was very surprised to learn that that’s not a crime. That is, according to the author, there’s nothing illegal in creating software that, say, exploits a flaw in the Windows operating system to gain control of other people’s computers, and in selling it to somebody.

I also found out that cybercriminals can run from your garden-variety bored teenage hacker who just wants to show off to very well-coordinated groups of people who are more knowledgeable and talented than the best Internet security specialists. The latter is what happened with Conficker. Whoever created that worm gave the Cabal, composed of the best and most experienced Internet professionals, a run for their money, always keeping one step ahead of them. The Cabal kept solving seemingly impossible problems, only to have their quarry upend the game once more. This begs the question as to why these people turn to crime, if they could obviously get any computer-related job in the world and make a ton of money legally, but the author never addresses this question.

Another interesting point is that the Cabal was composed of network specialists who work for some company or run their own Internet-related companies, pure Internet researchers, and a volunteer who routinely spends his evenings hunting worms and then informing infected companies, without benefiting from it in any way (I was amazed that such people even exist! Ditto the guy who ran up a debt on his personal credit card to buy domains ahead of Conficker.) Anybody missing from this list? Yes, the government. It was very hard for the Cabal to get the attention of any of the relevant agencies, and then said agencies’ combined input into the effort to combat the worm was zero. Basically, if you’ve ever thought that the men and women in Washington are individuals with huge egos and feelings of entitlement who take much more from the country in the form of high salaries, benefits and various perks than they give back, this book will serve to confirm this opinion.

Microsoft also comes in for its share of the blame. Before Conficker another worm had exploited a similar flaw in the Windows operating system. Back then Microsoft issued a “patch” for the port that worm had used to gain entry, but didn’t bother to check if a similar problem existed with any of the other ports. Had they done this and fixed that flaw too, Conficker wouldn’t have happened. And funnily, the author says elsewhere that if only everybody registered their Windows operating systems and allowed all the security updates from Microsoft to go through, Windows would have been “well near impregnable.” Yeah, right!

I don’t know if people who’re into computers would find this book informative, but for me it was interesting to look over the shoulders of the Internet defenders, as they go about their work.

Very promising. Written for the layperson, but this computer scientist believes that the analogies used are actually analogous to their analogs.

Not very good

This was an interesting book. I learned a lot about a computer that I did not know. I do not know how much of the information that the author used was real/accurate. But it was still an interesting read. Some of the terms/jargon used may not be understandable to the average person. I believe that anyone interested in computers/internet would find this book interesting and should read it.

Conficker was a malicious worm that was slowly working itself into millions of unknowing computers. A Cabal was formed of savvy computer guys to try and stop it from further advance, clean up where it already appeared, and try to figure out who was behind it and what was their motive. Gentle instruction is given to the reader who may not be proficient in Internet-speak. Those who are may find this book grindingly boring as they might be totally conversant in the subject, but those of us who are not will find it helpful.

Surprisingly, this story does not end with millions of computers crashing and the FBI breaking down doors arresting perps but the deadline passed without incident and the worm continues to this day, seemingly under its own steam. Attacks using this worm still continue but no worldwide calamity occurred. The people who fought against it presumably continue if they haven't moved on to other threats. No big celebration of victory was held as the battle still hasn't been won. Even so, the message of the book is clear - we need to continue to be vigilant about future attacks and, for Pete's sake, people, don't pick up a USB in a parking lot and stick it in your computer!!!
