A Taxonomy of Computer Worms

A Taxonomy of Computer Worms. Ashish Gupta, Network Security, April 2004. Worm vs a virus: 1. Self-propagates across the network. 2. Exploits security or policy flaws in widely used services. 3. Less mature defense today. Activation, Target Discovery, Attacker, Payload, Carrier.

Presentation Transcript


  1. A Taxonomy of Computer Worms. Ashish Gupta, Network Security, April 2004

  2. Worm vs a virus
     1. Self-propagates across the network
     2. Exploits security or policy flaws in widely used services
     3. Less mature defense today

  3. OVERVIEW: Activation, Target Discovery, Attacker, Payload, Carrier

  4. Target Discovery

  5. Target Discovery
     • Scanning: sequential, random
     • Target Lists: pre-generated, external (game servers), internal
     • Passive

  6. Target Discovery
     • Internal Target Lists
       • Discover the local communication topology
       • Similar to DV algorithm
       • Very fast ??
       • Function of shortest paths
       • Any example?
       • Difficult to detect
       • Suggests highly distributed sensors

  7. Toolkit potential
     • http://smf.chat.ru/e_dvl_news.htm
     • http://viruszone.by.ru/create.html
     • http://lcamtuf.coredump.cx/worm.txt (Worm tutorial)

  8. Carrier

  9. Carrier
     • Self-Carried: active transmission
     • Second Channel, e.g. RPC, TFTP (Blaster worm)
     • Embedded, e.g. web requests

  10. Activation

  11. Activation
      • Human Activation: Social Engineering, e.g. MyDoom (SCO Killer!)
      • Human activity-based activation, e.g. logging in, rebooting
      • Scheduled process activation, e.g. updates, backup etc.
      • Self Activation, e.g. Code Red

  12. MyDoom: Fastest Ever. http://www.cnn.com/2004/TECH/internet/01/28/mydoom.spreadwed/

  13. Payload

  14. Payload
      • Internet Remote Control
      • Internet DoS: paper's dream realized
      • Data Damage: Chernobyl, Klez
      • Physical World Damage
      • Human control: Blackmail!

  15. Attacker

  16. Attacker
      • Curiosity
      • Pride and Power
      • Commercial Advantage
      • Extortion and criminal gain
      • Terrorism: example
      • Cyber Warfare

  17. Theodore Kaczynski
      • Born in Chicago
      • Extremely gifted as a child
      • American terrorist who attempted to fight against what he perceived as the evils of technological progress
      • Eighteen-year-long campaign of sending mail bombs to various people, killing three and wounding 29
      • The first mail bomb was sent in late 1978 to Prof. Buckley Crist at Northwestern University

  18. CONCLUSION: Activation, Target Discovery, Attacker, Payload, Carrier

  19. ???
      • Given the target discovery/propagation methods of worms, how to detect it?
      • With only network traffic header data?
      • At ISP? At edge routers? At end hosts?
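
An added example, not part of the original presentation: one possible header-only heuristic for the scanning case of slide 5, flagging sources with high destination fan-out and mostly unanswered connection attempts, then labelling the sweep sequential or random. The thresholds, function names and flow records are assumptions constructed for illustration.

```python
import ipaddress
import random
from collections import defaultdict

MIN_FANOUT = 20        # assumed threshold: distinct destinations per (src, port)
MIN_FAIL_RATIO = 0.8   # assumed threshold: share of attempts with no handshake

def detect_scanners(flows, min_fanout=MIN_FANOUT, min_fail_ratio=MIN_FAIL_RATIO):
    """flows: (ts, src, dst, dport, established) tuples from one observation window.
    Returns {(src, dport): "sequential" | "random"} for scanner-like sources."""
    seen = defaultdict(list)
    for ts, src, dst, dport, established in flows:
        seen[(src, dport)].append((ts, int(ipaddress.ip_address(dst)), established))
    verdicts = {}
    for key, recs in seen.items():
        recs.sort()                                         # chronological order
        order = list(dict.fromkeys(d for _, d, _ in recs))  # distinct dsts, first contact
        fail_ratio = sum(1 for _, _, ok in recs if not ok) / len(recs)
        if len(order) < min_fanout or fail_ratio < min_fail_ratio:
            continue                                        # ordinary client traffic
        # A sequential scanner steps to the adjacent address; a random one does not.
        steps = [b - a for a, b in zip(order, order[1:])]
        adjacent = sum(1 for s in steps if s == 1) / len(steps)
        verdicts[key] = "sequential" if adjacent >= 0.9 else "random"  # 0.9 is assumed
    return verdicts

def sample_flows():
    """Constructed header records (not real traffic)."""
    rng = random.Random(7)
    flows = []
    base = int(ipaddress.ip_address("10.0.1.1"))
    for i in range(40):   # host .5: sequential sweep on TCP/445, nothing answers
        flows.append((i * 0.1, "10.0.0.5", str(ipaddress.ip_address(base + i)), 445, False))
    for i in range(40):   # host .9: random 32-bit targets on TCP/80, 1 in 10 answers
        dst = str(ipaddress.ip_address(rng.getrandbits(32)))
        flows.append((i * 0.1, "10.0.0.9", dst, 80, i % 10 == 0))
    for i in range(30):   # host .7: ordinary client, three servers, all connect
        flows.append((i * 1.0, "10.0.0.7", f"192.0.2.{i % 3 + 1}", 443, True))
    return flows

if __name__ == "__main__":
    for (src, port), kind in detect_scanners(sample_flows()).items():
        print(f"{src} port {port}: {kind} scan suspected")
```

A worm working from an internal target list (slide 6) contacts hosts that exist and answer, so neither the fan-out nor the failure-ratio test fires at a single vantage point, which is consistent with the slide's "difficult to detect" note.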
