New technique cuts time of identifying and capturing a worm from minutes to milliseconds

Penn State University researchers have created technology they say can nab computer worms more quickly than traditional signature-based systems and speedily set free the traffic if it's determined to be harmless after all. The Proactive Worm Containment technology watches for a packet's rate and diversity of connections to other networks to identify worms, rather than having to wait around for a signature to be generated to spot new malware.

This technique can cut the time from identifying and capturing a worm from minutes to milliseconds, allowing for only a handful of infected packets to spread, the research team claims. That makes a big difference when you consider that notorious worms such as Slammer could issue 4,000 packets a second when attacking Microsoft's SQL Server.

"A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," said lead researcher Peng Liu , an associate professor of information sciences and technology at Penn State, in a statement.