A taxonomy of computer worms


A Taxonomy of Computer Worms

Ashish Gupta

Network Security

April 2004


Worm vs a virus

1. Self propagates across the network

2. Exploits security or policy flaws in widely used services

3. Less mature defense today


OVERVIEW

  • Activation

  • Target Discovery

  • Attacker

  • Payload

  • Carrier


Target Discovery

  • Scanning: sequential, random

  • Target Lists: pre-generated, external (game servers), internal

  • Passive


Target Discovery

  • Internal Target Lists

    • Discover the local communication topology

    • Similar to DV algorithm

    • Very fast ??

      • Function of shortest paths

    • Any example ?

    • Difficult to detect

      • Suggests highly distributed sensors


Toolkit potential

  • http://smf.chat.ru/e_dvl_news.htm

  • http://viruszone.by.ru/create.html

  • http://lcamtuf.coredump.cx/worm.txt Worm tutorial


Carrier

  • Self-Carried: active transmission

  • Second Channel: e.g. RPC, TFTP (Blaster worm)

  • Embedded: e.g. web requests


Activation

  • Human Activation: social engineering, e.g. MyDoom (SCO Killer!)

  • Human activity-based activation: e.g. logging in, rebooting

  • Scheduled process activation: e.g. updates, backup, etc.

  • Self Activation: e.g. Code Red


MyDoom : Fastest Ever

http://www.cnn.com/2004/TECH/internet/01/28/mydoom.spreadwed/


Payload

  • Internet Remote Control

  • Internet DoS: paper's dream realized

  • Data Damage: Chernobyl, Klez

  • Physical World Damage

  • Human control: Blackmail!


Attacker

  • Curiosity

  • Pride and Power

  • Commercial Advantage

  • Extortion and criminal gain

  • Terrorism (example follows)

  • Cyber Warfare


Theodore Kaczynski

  • Born in Chicago

  • Extremely gifted as a child

  • American terrorist who attempted to fight against what he perceived as the evils of technological progress

  • Eighteen-year-long campaign of sending mail bombs to various people, killing three and wounding 29

  • The first mail bomb was sent in late 1978 to Prof. Buckley Crist at Northwestern University


CONCLUSION

  • Activation

  • Target Discovery

  • Attacker

  • Payload

  • Carrier


???

  • given the target discovery/propagation methods of worms,

    • how to detect it?

    • with only network traffic header data? 

    • at ISP?  at edge routers? at end hosts?
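
One way to approach the scanning case of the question above with header data only, as an added example that is not part of the original slides: flag sources with high fan-out and mostly failed connections, then separate sequential from random scanning. The flow-record tuple, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Thresholds are assumptions made for this example, not values from the slides.
MIN_TARGETS = 8        # distinct destinations on one port before a source is considered
MIN_FAIL_RATIO = 0.7   # share of connection attempts that never completed
SEQ_SHARE = 0.8        # share of +1 address steps that marks a sequential walk


def classify_sources(flows):
    """flows: iterable of (src, dst, dport, completed), all derivable from headers.

    Returns {src: "sequential-scan" | "random-scan"}; other sources are omitted.
    """
    per_key = defaultdict(list)  # (src, dport) -> [(dst as int, completed)]
    for src, dst, dport, completed in flows:
        per_key[(src, dport)].append((int(ipaddress.IPv4Address(dst)), completed))

    verdicts = {}
    for (src, _dport), attempts in per_key.items():
        order = list(dict.fromkeys(d for d, _ in attempts))  # distinct, first-seen order
        failed = sum(1 for _, ok in attempts if not ok)
        if len(order) < MIN_TARGETS or failed / len(attempts) < MIN_FAIL_RATIO:
            continue
        # A sequential scanner walks the address space, so most steps are +1.
        steps = [b - a for a, b in zip(order, order[1:])]
        seq = sum(1 for s in steps if s == 1) / len(steps)
        verdicts[src] = "sequential-scan" if seq >= SEQ_SHARE else "random-scan"
    return verdicts


def sample_flows():
    """Constructed sample records using documentation address ranges."""
    flows = []
    # Host A walks 198.51.100.1..20 on one port; a single target answers.
    for i in range(1, 21):
        flows.append(("192.0.2.10", f"198.51.100.{i}", 445, i == 7))
    # Host B probes scattered addresses on one port; none answer.
    for i in range(12):
        flows.append(("192.0.2.20", f"203.0.113.{(i * 37 + 5) % 254 + 1}", 80, False))
    # Host C is an ordinary client: few destinations, all connections complete.
    for dst in ("198.51.100.5", "198.51.100.9", "203.0.113.80"):
        flows.append(("192.0.2.30", dst, 443, True))
    return flows


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(sample_flows()).items()):
        print(src, verdict)
```

Worms that work from target lists contact mostly live hosts, so the failure-ratio test here would not flag them, in line with the slides' "difficult to detect" remark about internal target lists.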
