Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Taxonomy of Computer Worms Ashish Gupta Network Security April 2004.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "A Taxonomy of Computer Worms Ashish Gupta Network Security April 2004."— Presentation transcript:

1 A Taxonomy of Computer Worms Ashish Gupta Network Security April 2004

2 Overview What are worms ? The six factors on taxonomy Target Discovery Propagation Activation Payloads Attackers End

3 Worm vs a virus 1. Self propagates across the network 2. Exploits security or policy flaws in widely used services 3. Less mature defense today

4

5 + Attacker Target Discovery Carrier Activation Payload OVERVIEW

6 Target Discovery

7 Scanning sequential, random Target Lists pre-generated, external (game servers), internal Passive

8 Target Discovery Internal Target Lists –Discover the local communication topology –Similar to DV algorithm –Very fast ?? Function of shortest paths –Any example ? –Difficult to detect Suggests highly distributed sensors

9 Toolkit potential http://smf.chat.ru/e_dvl_news.htm http://viruszone.by.ru/create.html http://lcamtuf.coredump.cx/worm.txt  Worm tutorialhttp://lcamtuf.coredump.cx/worm.txt

10 Carrier

11 Self-Carried active transmission Second Channel e.g. RPC, TFTP ( blaster worm ) Embedded e.g. web requests

12 Activation

13 Human Activation Social Enginnering e.g. MyDoom  SCO Killer ! Human activity-based activation e.g. logging in, rebooting Scheduled process activation e.g. updates, backup etc. Self Activation e.g. Code Red

14

15

16

17

18 MyDoom : Fastest Ever http://www.cnn.com/2004/TECH/internet/01/28/mydoom.spreadwed/

19 Payload

20 Internet Remote Control Internet DOS : paper’s dream realized Data Damage: Chernobyl, Klez Physical World Damage Human control  Blackmail !

21 Attacker

22 Curiosity Pride and Power Commercial Advantage Extortion and criminal gain Terrorism  Example Cyber Warfare

23 Theodore Kaczynski Born in ChicagoChicago extremely gifted as a child American terrorist who attempted to fight against what he perceived as the evils of technological progressAmericanterrorist eighteen-year-long campaign of sending mail bombs to various people, killing three and wounding 29.mail bombs The first mail bomb was sent in late 1978 to Prof. Buckley Crist at Northwestern University1978Northwestern University

24 + Attacker Target Discovery Carrier Activation Payload CONCLUSION

25 ??? given the target discovery/propagation methods of worms, –how to detect it? –with only network traffic header data? –at ISP? at edge routers? at end hosts?

Download ppt "A Taxonomy of Computer Worms Ashish Gupta Network Security April 2004."

Similar presentations

Defense and Detection Strategies Against Internet Worms Usman Sarwar Network Research Group, University Science Malaysia.

Defense and Detection Strategies Against Internet Worms Usman Sarwar Network Research Group, University Science Malaysia.
(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
1 Routing Worm: A Fast, Selective Attack Worm based on IP Address Information Cliff C. Zou, Don Towsley, Weibo Gong, Songlin Cai Univ. Massachusetts, Amherst.

1 Routing Worm: A Fast, Selective Attack Worm based on IP Address Information Cliff C. Zou, Don Towsley, Weibo Gong, Songlin Cai Univ. Massachusetts, Amherst.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.

 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.
Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.

Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.
The University of Hull Centre For Internet Computing Spam ‘n’ chips A discussion of internet crime Angus M. Marshall BSc CEng MBCS FRSA.

The University of Hull Centre For Internet Computing Spam ‘n’ chips A discussion of internet crime Angus M. Marshall BSc CEng MBCS FRSA.
Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.

Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.
Outlines Mobile malcode Overview Viruses Worms.

Outlines Mobile malcode Overview Viruses Worms.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Worms: Taxonomy and Detection Mark Shaneck 2/6/2004.

Worms: Taxonomy and Detection Mark Shaneck 2/6/2004.
The MS Blaster worm Presented by: Zhi-Wen Ouyang.

The MS Blaster worm Presented by: Zhi-Wen Ouyang.
Copyright © 1995-2009 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Outlines r Mobile malcode Overview r Viruses r Worms.

Outlines r Mobile malcode Overview r Viruses r Worms.

Similar presentations

Ads by Google