A Taxonomy of Computer Worms

Slides: 25
Provided by: csNorth
Transcript and Presenter's Notes

Title: A Taxonomy of Computer Worms


1
A Taxonomy of Computer Worms
  • Ashish Gupta
  • Network Security
  • April 2004

2
Overview
  • What are worms ?
  • The six factors on taxonomy
  • Target Discovery
  • Propagation
  • Activation
  • Payloads
  • Attackers
  • End

3
Worm vs a virus
1. Self-propagates across the network
2. Exploits security or policy flaws in widely used services
3. Less mature defense today

5
Overview
  • Activation
  • Target Discovery
  • Attacker
  • Payload
  • Carrier

6
Target Discovery
7
Target Discovery
  • Scanning: sequential, random
  • Target Lists: pre-generated, external (game servers), internal
  • Passive

8
Target Discovery
  • Internal Target Lists
  • Discover the local communication topology
  • Similar to DV algorithm
  • Very fast ??
  • Function of shortest paths
  • Any example ?
  • Difficult to detect
  • Suggests highly distributed sensors

9
Toolkit potential
  • http://smf.chat.ru/e_dvl_news.htm
  • http://viruszone.by.ru/create.html
  • http://lcamtuf.coredump.cx/worm.txt (worm tutorial)

10
Carrier
11
Carrier
  • Self-Carried: active transmission
  • Second Channel: e.g. RPC, TFTP (Blaster worm)
  • Embedded: e.g. web requests

12
Activation
13
Activation
  • Human Activation: social engineering, e.g. MyDoom (SCO Killer!)
  • Human activity-based activation: e.g. logging in, rebooting
  • Scheduled process activation: e.g. updates, backup etc.
  • Self Activation: e.g. Code Red

18
MyDoom: Fastest Ever
http://www.cnn.com/2004/TECH/internet/01/28/mydoom.spreadwed/
19
Payload
20
Payload
  • Internet Remote Control
  • Internet DoS: paper's dream realized
  • Data Damage: Chernobyl, Klez
  • Physical World Damage
  • Human control: blackmail!

21
Attacker
22
Attacker
  • Curiosity
  • Pride and Power
  • Commercial Advantage
  • Extortion and criminal gain
  • Terrorism: example
  • Cyber Warfare

23
Theodore Kaczynski
  • Born in Chicago
  • extremely gifted as a child
  • American terrorist who attempted to fight against
    what he perceived as the evils of technological
    progress
  • eighteen-year-long campaign of sending mail bombs
    to various people, killing three and wounding 29.
  • The first mail bomb was sent in late 1978 to
    Prof. Buckley Crist at Northwestern University

24
Conclusion
  • Activation
  • Target Discovery
  • Attacker
  • Payload
  • Carrier

25
???
  • given the target discovery/propagation methods of
    worms,
  • how to detect it?
  • with only network traffic header data? 
  • at ISP?  at edge routers? at end hosts?
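
One possible answer to the question on this slide, as an added example that is not part of the original presentation: flag hosts from header-only flow records by destination fan-out and failed-connection ratio, then label the sweep as sequential or random scanning (the two scanning styles from the Target Discovery slide). The record layout, thresholds and addresses are assumptions constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

def make_flows():
    """Constructed sample records: (src, dst, dst_port, answered).
    'answered' means a SYN-ACK came back; every field is header-derived."""
    flows = []
    # 10.0.0.5 sweeps 192.0.2.1-40 in order; only two targets answer.
    for i in range(1, 41):
        flows.append(("10.0.0.5", f"192.0.2.{i}", 445, i % 20 == 0))
    # 10.0.0.9 probes 198.51.100.0/24 in pseudo-random order
    # (fixed generator so the sample is repeatable); nothing answers.
    x = 7
    for _ in range(40):
        x = (x * 73 + 41) % 251
        flows.append(("10.0.0.9", f"198.51.100.{x + 1}", 445, False))
    # 10.0.0.7 is an ordinary client reusing three servers that answer.
    for i in range(30):
        flows.append(("10.0.0.7", f"203.0.113.{10 + i % 3}", 443, True))
    return flows

def detect_scanners(flows, min_dsts=20, min_fail_ratio=0.8, seq_cutoff=0.8):
    """Return {src: 'sequential' | 'random'} for hosts that look like scanners.
    All three thresholds are illustrative assumptions, not tuned values."""
    dsts = defaultdict(list)   # src -> destinations in first-contact order
    fails = defaultdict(int)   # src -> unanswered connection attempts
    total = defaultdict(int)   # src -> all connection attempts
    for src, dst, _port, answered in flows:
        total[src] += 1
        fails[src] += not answered
        addr = int(ipaddress.ip_address(dst))
        if addr not in dsts[src]:
            dsts[src].append(addr)
    findings = {}
    for src, seq in dsts.items():
        # A scanner touches many distinct hosts and most attempts fail.
        if len(seq) < min_dsts or fails[src] / total[src] < min_fail_ratio:
            continue
        # Sequential scanning shows up as address steps of exactly +1.
        steps = [b - a for a, b in zip(seq, seq[1:])]
        seq_ratio = sum(1 for s in steps if s == 1) / len(steps)
        findings[src] = "sequential" if seq_ratio >= seq_cutoff else "random"
    return findings

if __name__ == "__main__":
    for host, style in detect_scanners(make_flows()).items():
        print(host, style)
```

The same logic can run at an edge router or ISP vantage point because it needs no payload. It does not see worms that use target lists or passive discovery, which generate few failed connections.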