Worms - PowerPoint PPT Presentation

About This Presentation
Title: Worms

Description: Worms are insidious because they rely less (or not at all) on human behavior in ... Conficker: Evolution of Enabling Technology ...

Slides: 21
Provided by: Aar777
Learn more at: https://www.cs.kent.edu
Tags: conficker | worms

Transcript and Presenter's Notes


1
Worms
  • By Aaron Stahler

2
Difference Between a Worm and a Virus
  • Viruses are computer programs that are designed
    to spread themselves from one file to another on
    a single computer.
  • Worms are insidious because they rely less (or
    not at all) on human behavior in order to spread
    themselves from one computer to another. Unlike
    viruses, worms are not concerned with how many
    times they get copied on one machine, but rather
    with how many machines they infect.

3
Worm Classification
  • Classified Based on Two Characteristics
  • Worm Transport Classifications
  • Worm Launch Classifications

4
Worm Transport Classifications
  • E-mail Worms
  • Native E-mail: Embedded in the e-mail
  • Parasitic E-mail: Sent as an attachment
  • Arbitrary Protocol Worms: IRC Worms, TCP/IP
    Worms
  • Spread by using one or more non-e-mail-based
    protocols

5
Worm Launch Classifications: How it Gains Control
  • Self-launching Worms
  • Worms that are capable of spreading to a new
    system and actively running on that system.
  • User-launched Worms
  • Require user intervention in order to execute on
    a system.
  • Hybrid-launch Worms
  • Are capable of spreading using both of the above
    mechanisms

6
Brief History of Worms
  • The Xerox Worms: The First Computer Worms (1980)
  • The CHRISTMA EXEC Worm: The First Widespread
    E-mail, User-launched Worm (1987)
  • The Internet Worm: The First Arbitrary Protocol,
    Back Door Worm (1988)
  • The IRC Worms: The First Consumer-oriented
    Arbitrary Protocol, Self-launching Worms (1997)

7
Brief History of Worms
  • The Happy99 Worm: The First Mainstream
    Consumer-oriented Worm (1999)
  • The Melissa Virus/Worm: The First Mainstream
    Corporate Macro Hybrid
  • The ExploreZip Worm: The First Widespread
    Hybrid-launch, Arbitrary Protocol Worm
  • Conficker

8
Evolution of Enabling Technology
  • Infrastructural Homogeneity: Homogeneity of
    computers, operating systems and communications
    platforms has been the single largest enabler for
    computer worms.
  • Ubiquitous Programmability: Ubiquitous
    programmability of Windows components has made it
    possible for worms to spread without complex
    programming.
  • Increased Connectedness via Homogeneous
    Communications Mechanism: The increasing
    connectedness of the internet permits worms to
    spread faster, and to more machines, than ever
    before.

9
Other Factors
  • Corporate/Consumer Bridge Technologies: The
    malware authors only program against the worms
    they see.
  • Home Networking: Many virus writers can test
    their product on these unsecured home networks, so
    when they finally unleash the full version it has
    already been tested.

10
Future of Worms
  • Cable/DSL Brings Worms Home: Continuous static
    connection, connected desktop apps, scripting
    capabilities. Worm heaven.
  • MAPI Worms: Such as Outlook, Exchange, etc.
    Worms can leverage e-mail functionality.
  • Information Stealers and Remote Control Worms:
    Example: the PrettyPark worm sits on someone's
    computer and waits for the creator to call on it
    to retrieve information or send malicious code
    out.
  • Peer-to-Peer Worms: Sent through e-mails and any
    peer-to-peer networks.
  • E-mail Scripting Worms: E-mail that has code
    scripted inside, so when you open the e-mail your
    computer is infected. Mostly in corporate
    settings.
  • ActiveX and Java Worms: Very rare, but use
    ActiveX to be deployed on the system.

11
Second Generation Worms
  • Polymorphic Worms: Send a virtually identical
    text message to everyone through e-mail and
    peer-to-peer.
  • Retro Worms: These worms actively attack
    anti-virus software to prevent themselves from
    being discovered.
  • Stubborn Worms: The worms that prevent themselves
    from being unloaded from a system.
  • Wireless Worms: These can attack Palm Pilots and
    other wireless devices.

12
Examination of Worm Epidemics: Case Study on Mass
E-mail Worms
  • Easy to obtain addresses of other targets
  • Homogeneous e-mail makes spreading easy
  • Humans are the biggest security risk; there's no
    need to find a back door into the system
  • Corporate e-mail systems offer one degree of
    separation
  • Why infect one other computer when you can infect
    50 or 50,000?
  • Spread to other computers as soon as they can
  • Mailbox penetration or computer penetration

13
Easy Ways to Exploit a System
  1. Exploiting default passwords that have not been
    reset, to gain access to the system.
  2. Using dictionary-based password attacks to break
    into user accounts and remotely log in to a
    system.
  3. Using buffer overflows.
  4. Exploitation of debugging facilities that are
    built into standard network services.
  5. Attack of non-secured shared drives and
    peer-to-peer devices.

14
Case Study: Back Door Worms and The Internet Worm
  • It's easy to obtain addresses of other targets
  • Homogeneous environments make spreading easy
  • Back door worms spread best unhindered
  • Spread to other computers without user
    intervention

15
Case Study: Hybrid Worms and ExploreZip
  • It's easy to obtain addresses of other targets
  • Homogeneous computers make spreading easy
  • The human is the biggest security risk; there's
    no need to find a back door into the system
  • It can spread slowly or spread quickly
  • Mailbox penetration or computer penetration can
    happen
  • Payload and trigger conditions affect the worm's
    viability

16
(No Transcript)
17
Containment: Proactive Steps
  • Run Anti-virus Software on Servers, Gateways, and
    Desktops
  • Remove all company Addresses from your lists
  • Lock Down All Peer-to-Peer Networking
  • Deploy Internal Firewalls
  • Disable E-mail Script Capabilities
  • Strip Executable Content From Incoming E-mail
  • Use Heuristics and If Possible, Digital Immune
    System Technology
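
The "Strip Executable Content From Incoming E-mail" step above, sketched as an added example that is not part of the original slides: it drops attachments whose final file extension or MIME type is on a blocklist, which also catches double extensions such as photo.jpg.exe. The blocklists, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklists for this sketch; a production gateway policy is broader.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}
BLOCKED_TYPES = {"application/x-msdownload", "application/x-msdos-program",
                 "application/hta"}

def is_executable(part):
    """True if the part's final file extension or MIME type is blocked."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    name = (part.get_filename() or "").rstrip(". ").lower()
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    return ext in BLOCKED_EXT or part.get_content_type() in BLOCKED_TYPES

def strip_executables(raw):
    """Parse raw message bytes; return (cleaned message, removed part names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.walk()):          # snapshot, since containers are edited
        if not part.is_multipart():
            continue
        kept = []
        for child in part.get_payload():
            if not child.is_multipart() and is_executable(child):
                removed.append(child.get_filename() or child.get_content_type())
            else:
                kept.append(child)
        part.set_payload(kept)
    return msg, removed

def sample_message():
    """Constructed sample: text body, one benign and one double-extension file."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    m.add_attachment("meeting notes", filename="notes.txt")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="photo.jpg.exe")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_executables(sample_message())
    print("removed:", removed)
    print("kept:", [p.get_filename() for p in cleaned.iter_attachments()])
```

A single-part message that is itself an executable is outside this sketch; a gateway would quarantine such a message whole.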

18
Active Infection
  • If hit by a destructive Worm: Update file server
    permissions
  • If hit by a data export Worm: Limit access to
    data and networks
  • If hit by an e-mail or arbitrary-protocol Worm
    infection: Distribute virus definitions to
    gateways, e-mail servers and file servers first
  • If hit by a file server-aware Worm infection:
    Distribute virus definitions to file servers
    first
  • If hit by a back door Worm infection: Down all
    affected networks

19
Future Anti-worm Technologies
  • Windows Memory Scanning and Repair
  • Behavior Blockers
  • Personal Firewalls
  • Worm Heuristics
  • Automated Worm Replication and Analysis

20
Future Containment Approaches
  • Ubiquitous Authentication
  • Policy-driven File/Macro-level Access Control
  • Macro-free Products