INTERNET WORMS - PowerPoint PPT Presentation
1 / 19
Title:
INTERNET WORMS
Description:
INTERNET WORMS. The Hackers That Never Sleep /default.ida? ... WORM AND VIRUS TECHNIQUES. 100,000 COMPUTERS IN FIRST DAY. MULTIPLE VULNERABILITIES ... – PowerPoint PPT presentation
Number of Views:110
Avg rating:3.0/5.0
Title: INTERNET WORMS
1
INTERNET WORMS
- The Hackers That Never Sleep
2
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNu9090u6858
ucbd3u7801u9090u6858ucbd3u7801u9090u6858uc
bd3u7801u9090u9090u8190u00c3u0003u8b00u531
bu53ffu0078u0000u00a
3
(No Transcript)
4
(No Transcript)
5
BUFFER OVERFLOWS
BUFFER
RETURN ADDRESS
BRETT
RETURN ADDRESS
RETURN ADDRESS
XXXXXXXXXXXXXXXXX
6
BUFFER
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNu9090u6858
ucbd3u7801u9090u6858ucbd3u7801u9090u6858uc
bd3u7801u9090u9090u8190u00c3u0003u8b00u531
bu53ffu0078u0000u00a
OVERFLOW
7
SADMIND/IIS WORM
- DISCOVERED MAY 2001
- SOLARIS
- 2 YEAR OLD BUFFER OVERFLOW
- LISTENING ROOT SHELL
- START SCANNING
- MICROSOFT IIS
- WEB PAGE REPLACEMENT
- WEB SERVER FOLDER DIRECTORY TRAVERSAL
- PUBLIC BACKDOOR
8
(No Transcript)
9
WEB FOLDER DIRECTORY TRAVERSAL
- DISCOVERED OCTOBER 2000
- 40 IIS SERVERS VULNERABLE
- COMMAND EXECUTION ON SERVER
/INETPUB/WWWROOT /WINNT/SYSTEM32
/WWWROOT/../../WINNT/SYSTEM32/CMD.EXE
/WWWROOT/..c0af..c0afWINNT/SYSTEM32/CMD.EXE
/SCRIPTS/ROOT.EXE
10
CODE RED
- DISCOVERED JULY 2001
- MICROSOFT IIS5
- BUFFER OVERFLOW
- SYSTEM LEVEL ACCESS
- 300,000 COMPUTERS IN 12 HOURS
- DENIAL OF SERVICE ATTACK
- MULTIPLE VERSIONS
- WEB PAGE REPLACEMENT
11
(No Transcript)
12
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNu9090u6858
ucbd3u7801u9090u6858ucbd3u7801u9090u6858uc
bd3u7801u9090u9090u8190u00c3u0003u8b00u531
bu53ffu0078u0000u00a
13
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXu9090u6858
ucbd3u7801u9090u6858ucbd3u7801u9090u6858uc
bd3u7801u9090u9090u8190u00c3u0003u8b00u531
bu53ffu0078u0000u00a
14
CODE RED II
- DISCOVERED AUGUST 2001
- TOTALLY NEW WORM
- SAME VULNERABILITY
- OVER 500,000 INFECTIONS
- MULTIPLE BACKDOORS
- /SCRIPTS/ROOT.EXE
- TROJAN EXPLORER.EXE
- VIRTUAL ROOT SHARES
15
CODE RED II BACKDOORS
- SIMPLE TO USE
- CAN BE ACCESSED WITH A WEB BROWSER
- DOWNLOAD AND INSTALL PROGRAMS
- SET UP AN FTP SERVER
- USE IN DENIAL OF SERVICE
- HIDE HACKERS IDENTITY
- INFORMATION SECURITY
16
NIMDA WORM
- DISCOVERED SEPTEMBER 2001
- WORM AND VIRUS TECHNIQUES
- 100,000 COMPUTERS IN FIRST DAY
- MULTIPLE VULNERABILITIES
- WEB FOLDER TRAVERSAL
- USES CURRENT BACKDOORS
- E-MAIL PROPAGATION
- AUTOMATIC EXECUTION
- EXECUTABLE FILE INFECTION
- RELATIVE PATH DLL VULNERABILITY
- INFECTED WEB PAGES
- BACKDOOR SHARE
- GUEST ACCOUNT
17
AUTOMATIC ATTACHMENT EXECUTION
- 7-MONTH-OLD VULNERABILITY
- SPECIAL E-MAIL HEADER
- ATTACHMENT DISGUISED AS WAV SOUND FILE
- AUTOMATICALLY EXECUTED
- SPREAD THROUGH WEB PAGES
18
WHAT DO THEY WANT
- SCRIPT KIDDIES
- THOUSANDS OF PEOPLE HAVE ACCESS
- CREDIT CARDS
- HIDE HACKERS IDENTITY
- DENIAL OF SERVICE ZOMBIE
- FTP SERVER
- INDUSTRIAL ESPIONAGE
19
PREVENTING AN ATTACK
- MONTHLY SECURITY ALERTS
- INSTALL SECURITY PATCHES
- FIREWALLS
- SECURITY AUDIT
- CONTINUOUS SCANNING SERVICE
- MONITOR HACKER TRENDS
- UPDATED AUDITING SOFTWARE
- SECURE FROM 90 OF HACKERS
Recommended
CrystalGraphics Presentations
