Lab 8 Summary Worms, Viruses, WEP. Group 15 Matt Peter Pranav Sawjiany Group 17 Neha Jain Ayaz Lalani. Outline. Worms SQL Slammer: SPOC worm Real World worm: AnnaKournikova Viruses Worm Generator Wireless Security Wired Equivalent Privacy (WEP) Aircrack. Worms.
“A computer worm is a self-replicating computer program that propagates copies of itself via a network. A worm is self-contained and does not need to be part of another program to propagate itself. They are often designed to exploit the file transmission capabilities found on many computers. A worm uses a network to send copies of itself to other systems and it does so without any intervention. Worms harm the network and consume bandwidth.” - Wikipedia
alert tcp $External _NET any $ Home 3333 (msg: “vuln_serve Attempt”)
// sockfd is a socket file descriptor to a client
void svcHandle(int sockfd)
bzero( userinput, BUFFER_SIZE);
printf( "1- Input:%s(%d)\n", userinput, strlen(userinput));
printf( "please input a 16 character string:\n");
printf( "2- Input:(%d)\n", strlen(userinput));
What’s the fix?
Use fgets and the Buffer size
Vulnerability to buffer Overflow!!
“A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into the program is termed as an "infection", and the infected file is called a "host". Generally computer viruses cannot directly damage hardware, but only software.” - Wikipedia
/* this is the new close() that replaces the one in the stdio.h
* library, as can be seen it executes the virus functionality
* before it closes the file
int close(int fd)
virfunc(); /* execute virus */
return Close(fd); /* close the file */
Propagated through test_virus
standards definied by IEEE