A Taxonomy of Computer Worms Nicholas Weaver, Vern Paxson, Stuart Staniford, and Robert Cunningham ACM WORM 2003 Speaker: Chang Huan Wu 2008/8/8.


2 Outline
- Introduction
- Classification of Worms
  - Target Discovery
  - Carrier
  - Activation
  - Payloads
  - Attackers
- Conclusions

3 Introduction
- What is a computer worm?
  - A program that propagates using vulnerabilities in software/application
  - Self-propagating (distinct from a virus)
  - Self-replicating
- In order to understand the worm threat, it is necessary to understand the various types of worms, payloads, and attackers

4 Target Discovery (1/3)
- Scanning
  - Sequential & Random
  - Optimization
    - Preference for local addresses: Same OS and applications in a sub-network
    - Permutation scanning: Utilize distributed coordination to more effectively scan
    - Bandwidth-limited scanning: Do not wait for response
  - Anomalous from normal Internet traffic
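Because scanning is anomalous compared with normal traffic, a defender can flag it from connection records alone. The sketch below is an added example (not from the slides or the paper): it flags sources with high fan-out and mostly failed connections, then labels the scan as sequential, local-preference or random. The flow records, thresholds and the /16 notion of "local" are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

def _ip(n):
    return str(ipaddress.ip_address(n % 2**32))

# Constructed flow records: (source, destination, dst_port, handshake_completed)
FLOWS = (
    [("10.1.2.3", f"10.1.7.{i}", 80, False) for i in range(1, 41)]            # sweep
    + [("10.1.9.9", _ip(i * 2654435761), 80, False) for i in range(1, 41)]    # scattered
    + [("172.16.5.5", f"172.16.{i * 37 % 256}.{i * 91 % 256}", 80, i % 10 == 0)
       for i in range(1, 31)]                                                 # mostly own /16
    + [("172.16.5.5", _ip(i * 2654435761 + 12345), 80, False) for i in range(1, 11)]
    + [("192.168.1.10", f"192.168.1.{i}", 443, True) for i in range(1, 6)]    # normal client
)

def classify(src, dsts, seq_fraction=0.8, local_fraction=0.5):
    """Label a scanner from its destinations, given in first-seen order."""
    nums = [int(ipaddress.ip_address(d)) for d in dsts]
    steps = sum(1 for a, b in zip(nums, nums[1:]) if b - a == 1)
    if steps >= seq_fraction * (len(nums) - 1):
        return "sequential"
    # Assumption: "local" means the same /16 as the scanning host.
    local_net = ipaddress.ip_network(f"{src}/16", strict=False)
    local = sum(1 for d in dsts if ipaddress.ip_address(d) in local_net)
    return "local-preference" if local >= local_fraction * len(dsts) else "random"

def detect_scanners(flows, min_targets=20, min_fail_ratio=0.8):
    """Return {source: scan pattern} for hosts whose traffic looks like scanning."""
    seen = defaultdict(dict)          # src -> destinations, insertion-ordered
    attempts = defaultdict(int)
    failures = defaultdict(int)
    for src, dst, _port, ok in flows:
        seen[src].setdefault(dst, None)
        attempts[src] += 1
        failures[src] += not ok
    report = {}
    for src, dsts in seen.items():
        # Many distinct targets AND mostly unanswered attempts: normal clients
        # contact few hosts and almost always get a reply.
        if len(dsts) >= min_targets and failures[src] / attempts[src] >= min_fail_ratio:
            report[src] = classify(src, list(dsts))
    return report

if __name__ == "__main__":
    for host, pattern in detect_scanners(FLOWS).items():
        print(host, pattern)
```

A passive or contagion worm, by construction, would not trip this check, since it produces no excess failed connections during target discovery.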

5 Target Discovery (2/3)
- Pre-generated Target Lists
  - Attacker made a target list in advance
- Externally Generated Target Lists
  - Metaservers keep a list of all the servers which are currently active (Ex. Online game)
- Internal Target Lists
  - Victim’s applications contain information about other hosts

6 Target Discovery (3/3)
- Passive
  - Wait for potential victims to contact the worm (Ex. Un-patched browser)
  - Rely on user behavior to discover new targets
    - Contagion worms rely on normal communication to discover new victims
  - No anomalous traffic patterns during target discovery

7 Carrier (1/2)
- Self-Carried
  - Transmits itself as part of the infection process
- Second Channel
  - Require a secondary communication channel to complete the infection (Ex. Blaster: exploit uses RPC, download the worm body by TFTP)
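A second-channel carrier leaves a two-step trace that can be correlated in flow logs: an inbound connection on the exploited service, followed shortly by the same host fetching from the peer that contacted it. The following is an added detection sketch, not part of the slides or the paper; the log format, addresses and 60-second window are constructed, and TCP 135 (RPC endpoint mapper) and UDP 69 (TFTP) are the standard ports for the two protocols the slide names, not values given on the slide.

```python
from datetime import datetime, timedelta

# Constructed, time-ordered flow log: timestamp source destination protocol dst_port
LOG = """\
2024-01-01T10:00:01 10.0.0.5 10.0.0.20 tcp 135
2024-01-01T10:00:03 10.0.0.20 10.0.0.5 udp 69
2024-01-01T10:05:00 10.0.0.30 10.0.0.99 udp 69
2024-01-01T10:10:00 10.0.0.5 10.0.0.40 tcp 135
2024-01-01T10:30:00 10.0.0.40 10.0.0.5 udp 69
"""

def second_channel_hits(log_text, window=timedelta(seconds=60),
                        exploit=("tcp", 135), fetch=("udp", 69)):
    """Find hosts that fetch from a peer soon after that peer hit their exploit port.

    Returns (victim, peer, seconds_between) tuples. Assumes log lines are
    already sorted by time.
    """
    last_exploit = {}   # (victim, peer) -> time of latest inbound exploit-port flow
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, port = line.split()
        when = datetime.fromisoformat(ts)
        service = (proto, int(port))
        if service == exploit:
            last_exploit[(dst, src)] = when
        elif service == fetch:
            # The fetch runs in the opposite direction: victim -> peer.
            seen = last_exploit.get((src, dst))
            if seen is not None and when - seen <= window:
                hits.append((src, dst, (when - seen).total_seconds()))
    return hits

if __name__ == "__main__":
    for victim, peer, gap in second_channel_hits(LOG):
        print(f"{victim} fetched from {peer} {gap:.0f}s after inbound RPC")
```

In the sample log, the TFTP request to an unrelated server and the fetch that arrives twenty minutes after the RPC connection are both ignored; only the tightly coupled pair is reported.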

8 Carrier (2/2)
- Embedded
  - Sends itself as part of a normal communication channel, either appending to or replacing normal messages
  - Usually used by passive worms
  - Relatively stealthy

9 Activation (1/3)
- Human Activation
  - Convince a local user to execute the worm
  - The slowest activation approach
- Human Activity-Based Activation
  - Activated when the user performs some activity not normally related to a worm (Ex. resetting the machine, logging in)

10 Activation (2/3)
- Scheduled Process Activation
  - Unauthorized auto-updater programs
  - Ex. Use DNS redirection attack to serve a file to the desktop system to infect the target

11 Activation (3/3)
- Self Activation
  - Initiate their own execution by exploiting vulnerabilities in services that are always on and available
  - The fastest activation approach

12 Payloads (1/2)
- None/nonfunctional
- Internet Remote Control
- Spam-Relays
- Internet DoS
- Access for Sale

13 Payloads (2/2)
- Data Collection
- Data Damage
- Physical-world DoS
  - Use attached modems to dial emergency services
- Physical-world Damage
  - Reflashing BIOS …

14 Attackers (1/2)
- Experimental Curiosity
  - Continual tendency for various individuals to experiment with viruses and worms
- Pride and Power
  - A desire to acquire power, to show off their knowledge and ability to inflict harm on others
- Commercial Advantage
  - Profit by manipulating financial markets via a synthetic economic disaster

15 Attackers (2/2)
- Extortion and Criminal Gain
  - Credit-card information
- Random Protest
  - Disrupt networks and infrastructure
- Political Protest
- Terrorism
- Cyber Warfare

16 Conclusion
- Developed a taxonomy of worms
  - Target discovery, Carrier, Activation, Payloads, Attackers
  - The carrier, activation, and payload are independent of each other, and describe the worm itself
  - Sometimes the easiest way to defend against a worm is to remove the motivation for writing a worm in the first place

17 Comments
- Classify worms in many dimensions
- Different mechanisms of Target Discovery / Carrier / Activation generate different traffic behaviors