How do worms work?
Vivek Ramachandran
Nagraj – An Indian comic book hero, who commands all the snakes of the world.

Presentation transcript:


Disclaimer
- This tutorial is to understand how worms work!
- I wrote my own “nice worm” at IIT Guwahati to understand more about worms and their spreading pattern and behavior
- If you use this knowledge to do unethical stuff like releasing a worm – the liability is yours!
- Stop watching this video NOW if you have any malicious intent in mind!

Talk Outline
- What are worms?
- The life cycle of a simple worm:
  - scanning for a victim
  - exploiting the victim
  - cloning itself onto the victim
  - running the clone to further spread infection
  - stealth techniques used to hide itself
- What will we code in this section?

What are worms?
- A worm is a self-replicating program
- Self-replicating => it makes copies of itself and sends them over to hosts across a network
- All copies have the same functionality and generally lack any sort of synchronization among themselves
- Worms are hated because:
  - Bandwidth consumption
  - Might crash computers they infect
  - Infected computers may be used for other attacks such as DDoS, phishing attacks, etc.

Types of worms
- Network worms – generally exploit a service such as RPC and spread
- Email worms – use mass emails to spread and either target the client (Outlook) or rely on user intervention (a click) to spread
- IRC worms …
- IM worms …
- File sharing worms …
- XSS worms – MySpace ?? …

The life cycle of a simple worm
- Scanning for a victim
- Exploiting the victim
- Cloning itself onto the victim
- Running the clone to further spread infection
- Stealth techniques used to hide itself

The life of a worm …
[Diagram with labels: (1), (2), Victim]

The life of a worm
[Flow diagram labels: Worm created, Victim found, Scans for Victim, Send Exploit, Get a copy, Scan, Rooted !!]

Scanning for a victim
- Random scan – random IP
- Selective random scan – IP from global and local routing addresses
- Full scan – scan all IP addresses
- Divide and conquer scan – divide IP addresses among child worms
- Subnet scan – detect and scan local subnet
- Etc etc
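Seen from a network monitor, the scan strategies listed above leave different footprints in connection logs. The following is an added example, not code from the talk: it flags sources that contact many distinct hosts with mostly failed connections and labels the pattern. The record layout, the thresholds, the /24 local-subnet assumption and the sample flows are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def sample_flows():
    """Constructed flow records: (source, destination, connection_succeeded)."""
    flows = []
    # 10.0.0.5 walks a range in address order (full/sequential scan footprint)
    flows += [("10.0.0.5", f"192.0.2.{i}", False) for i in range(1, 41)]
    # 10.0.0.6 probes only its own /24, out of order (subnet scan footprint)
    flows += [("10.0.0.6", f"10.0.0.{(i * 37) % 254 + 1}", i % 10 == 0)
              for i in range(40)]
    # 10.0.0.7 probes addresses scattered over the IPv4 space (random scan footprint)
    flows += [("10.0.0.7", str(ipaddress.IPv4Address((i * 2654435761) % 2**32)), False)
              for i in range(1, 41)]
    # 10.0.0.8 is an ordinary client: two servers, connections succeed
    flows += [("10.0.0.8", "198.51.100.10", True)] * 30
    flows += [("10.0.0.8", "198.51.100.11", True)] * 5
    return flows

def classify_sources(flows, min_targets=20, max_success=0.3):
    """Label each source as normal or as one of the scan patterns (assumed thresholds)."""
    per_src = defaultdict(list)
    for src, dst, ok in flows:
        per_src[src].append((int(ipaddress.IPv4Address(dst)), ok))
    verdicts = {}
    for src, attempts in per_src.items():
        targets = [d for d, _ in attempts]
        distinct = set(targets)
        success = sum(ok for _, ok in attempts) / len(attempts)
        # Scanning footprint: many distinct hosts, most probes unanswered
        if len(distinct) < min_targets or success > max_success:
            verdicts[src] = "normal"
            continue
        steps = [b - a for a, b in zip(targets, targets[1:])]
        own_net = int(ipaddress.IPv4Address(src)) >> 8   # assumes a /24 local subnet
        if sum(s == 1 for s in steps) / len(steps) > 0.8:
            verdicts[src] = "sequential scan"            # next address each time
        elif all(d >> 8 == own_net for d in distinct):
            verdicts[src] = "subnet scan"                # never leaves the local /24
        elif len({d >> 16 for d in distinct}) > 0.8 * len(distinct):
            verdicts[src] = "random scan"                # almost every probe in a new /16
        else:
            verdicts[src] = "scan (unclassified)"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(sample_flows()).items()):
        print(src, "->", verdict)
```

In a real deployment the thresholds need tuning against baseline traffic, since busy resolvers, crawlers and monitoring hosts also contact many destinations.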

Exploiting the victim
- What is an exploit? – simply put: a piece of code which provides “access” to a victim computer by utilizing some flaw in the logic of a program running on the victim computer
- By “access” I mean the ability to run commands/programs on the remote computer
- Network worms use what is called a “remote exploit” – an exploit which can be launched remotely and which gives some code running privileges on the victim
- Find a suitable exploit to use in the worm
- Understand the exploit
  - Black box approach (wrapper around the exploit)
  - White box approach (modifying the exploit)

Cloning itself onto the victim
- Once the victim has been exploited the worm needs to get a copy of itself on the victim
- Tftp?? Blaster worm
- Http server ??
- Ftp server ??
- Compile source??
- Include worm in the shellcode??
- …

Running the clone to further spread infection
- Once the clone has been downloaded, run it
- Make it a service??
- Add a registry entry for startup??
- …
- Clone starts scanning again
- Clone finds a victim
- Cycle continues …

Stealth techniques used to hide itself
- Hide process
- Hide files
- Hide activity
- Delete logs
- …rootkit…??

The life of a worm
[Flow diagram labels: Worm created, Victim found, Scans for Victim, Send Exploit, Get a copy, Scan, Rooted !!]

What will we code in this section?
- IP scanner code (random, sequential, subnet scans)
- Understanding an exploit enough so you can use it
- Transporting a copy of the worm
- A simple framework for making worms whenever an exploit is released

Let the games begin!