A taxonomy of computer worms
A Taxonomy of Computer Worms

Ashish Gupta

Network Security

April 2004


Worm vs a virus

1. Self propagates across the network

2. Exploits security or policy flaws in widely used services

3. Less mature defense today


OVERVIEW (diagram): Activation, Target Discovery, Attacker, Payload, Carrier



Target Discovery

  • Scanning: sequential, random

  • Target Lists: pre-generated, external (game servers), internal

  • Passive


Target Discovery

  • Internal Target Lists

    • Discover the local communication topology

    • Similar to DV algorithm

    • Very fast ??

      • Function of shortest paths

    • Any example ?

    • Difficult to detect

      • Suggests highly distributed sensors


Toolkit potential

  • http://smf.chat.ru/e_dvl_news.htm

  • http://viruszone.by.ru/create.html

  • http://lcamtuf.coredump.cx/worm.txt Worm tutorial



Carrier

  • Self-Carried: active transmission

  • Second Channel: e.g. RPC, TFTP (Blaster worm)

  • Embedded: e.g. web requests



Activation

  • Human Activation: social engineering, e.g. MyDoom (SCO Killer!)

  • Human activity-based activation: e.g. logging in, rebooting

  • Scheduled process activation: e.g. updates, backup etc.

  • Self Activation: e.g. Code Red


MyDoom: Fastest Ever

http://www.cnn.com/2004/TECH/internet/01/28/mydoom.spreadwed/



Payload

  • Internet Remote Control

  • Internet DoS: paper's dream realized

  • Data Damage: Chernobyl, Klez

  • Physical World Damage

  • Human control: blackmail!



Attacker

  • Curiosity

  • Pride and Power

  • Commercial Advantage

  • Extortion and criminal gain

  • Terrorism  Example

  • Cyber Warfare


Theodore Kaczynski

  • Born in Chicago

  • Extremely gifted as a child

  • American terrorist who attempted to fight against what he perceived as the evils of technological progress

  • Eighteen-year-long campaign of sending mail bombs to various people, killing three and wounding 29

  • The first mail bomb was sent in late 1978 to Prof. Buckley Crist at Northwestern University


CONCLUSION (diagram): Activation, Target Discovery, Attacker, Payload, Carrier


???

  • Given the target discovery/propagation methods of worms,

    • how to detect it?

    • with only network traffic header data?

    • at ISP? at edge routers? at end hosts?
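
One way to approach the header-only question for the scanning case, as an added example that is not part of the original slides: per source and time window, count the distinct destinations contacted and the share that never answer, then separate sequential from random scanning by whether the probed addresses are adjacent. The flow-record layout, thresholds and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def build_sample_flows():
    """Constructed records: (time_s, src, dst, dst_port, answered). Headers only."""
    flows = []
    for i in range(1, 31):   # 10.0.0.5 walks 192.0.2.1-30 in order; one host answers
        flows.append((i * 0.1, "10.0.0.5", f"192.0.2.{i}", 445, i == 7))
    base = int(ipaddress.IPv4Address("198.18.0.0"))
    for i in range(1, 26):   # 10.0.0.9 probes scattered addresses in 198.18.0.0/15
        dst = str(ipaddress.IPv4Address(base + (i * 40503) % 2**17))
        flows.append((10 + i * 0.2, "10.0.0.9", dst, 445, False))
    for i in range(12):      # 10.0.0.20 is an ordinary client: few peers, all answer
        flows.append((i * 4.0, "10.0.0.20", f"203.0.113.{1 + i % 3}", 443, True))
    return flows

def detect_scanners(flows, window=60.0, min_targets=20, min_fail_ratio=0.8):
    """Return {src: (pattern, distinct_targets, fail_ratio)} for suspected scanners."""
    seen = defaultdict(dict)   # (src, window index) -> {dst as int: ever answered?}
    for t, src, dst, _port, answered in flows:
        peers = seen[(src, int(t // window))]
        d = int(ipaddress.IPv4Address(dst))
        peers[d] = peers.get(d, False) or answered
    findings = {}
    for (src, _bucket), peers in seen.items():
        targets = len(peers)
        fail_ratio = sum(1 for ok in peers.values() if not ok) / targets
        # High fan-out alone also matches busy servers; unanswered probes narrow it.
        if targets < min_targets or fail_ratio < min_fail_ratio:
            continue
        ordered = sorted(peers)
        adjacent = sum(1 for a, b in zip(ordered, ordered[1:]) if b - a == 1)
        # Sequential scanners leave runs of neighbouring addresses; random ones do not.
        pattern = "sequential" if adjacent / max(targets - 1, 1) >= 0.8 else "random"
        findings[src] = (pattern, targets, round(fail_ratio, 3))
    return findings

if __name__ == "__main__":
    for src, result in detect_scanners(build_sample_flows()).items():
        print(src, result)
```

This heuristic only addresses the scanning branch of target discovery; target-list and passive worms do not produce the failed-connection fan-out it relies on.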

