Presentation is loading. Please wait.

Presentation is loading. Please wait.

Worms By: Aaron Stahler. Difference Between a Worm and A Virus Viruses are computer programs that are designed to spread themselves from one file to another.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Worms By: Aaron Stahler. Difference Between a Worm and A Virus Viruses are computer programs that are designed to spread themselves from one file to another."— Presentation transcript:

1 Worms By: Aaron Stahler

2 Difference Between a Worm and A Virus Viruses are computer programs that are designed to spread themselves from one file to another on a single computer. Worms are insidious because they rely less (or not at all) on human behavior in order to spread themselves from one computer to another and unlike viruses worms are not worried how many time they get copied on one machine but rather how many machines they infect.

3 Worm Classification Classified Based on Two Characteristics: 1.Worm Transport Classifications 2.Worm Launch Classifications

4 Worm Transport Classifications E-mail Worms – Native E-mail: Embedded in the e-mail – Parasitic E-mail: Sent as an attachment Arbitrary protocol Worms: IRC Worms, TCIP/IP Worms – Spread by using one or more non e-mail based protocols

5 Worm Launch Classifications: How it Gains Control Self -launching Worms – Worms that are capable of spreading to a new system and actively running on that system. User-launched Worms – Require user intervention in order to execute on a system. Hybrid-launch Worms – Are capable of spreading using both of the above mechanisms

6 Brief History of Worms The Xerox Worms: The first Computer Worms (1980) The CHRISMA EXEC Worm: The First Widespread E-mail, User-launched Worm (1987) The Internet Worm: The First Arbitrary Protocol, BACK Door Worm (1988) The IRC Worms: The First Consumer-oriented Arbitrary Protocol, Self Launching Worms (1997)

7 Brief History of Worms The Happy99 Worm: The First Mainstream Consumer-oriented Worm (1999) The Melissa Virus+Worm: The First Mainstream Corporate Macro Hybrid The ExploreZip Worm: The First Widespread Hybrid-launch, Arbitrary Protocol Worm Conficker:

8 Evolution of Enabling Technology Infrastructural Homogeneity: Homogeneity of computers, operating systems and communications platforms has been the single largest enabler for computer worms. Ubiquitous Programmability: Ubiquitous programmability of Windows components has made it possible for worms to spread without complex programming. Increased Connectedness via Homogenous Communications Mechanism: The increasing connectedness of the internet permits worms to spread faster, and to more machines, than ever before.

9 Other Factors Corporate/Consumer Bridge Technologies: The Malware authors only program against the worms they see. Home Networking: Many virus writers can test their product on these unsecured home network, so when they finally unleash the full version it has already been tested.

10 Future of Worms Cable/DSL Brings Worms Home: Continuous static connection+ Connected desktop apps+ scripting Capabilities= Worm heaven MAPI Worms: Such as Outlook, Exchange, and etc. Worms can leverage e-mail functionality. Information Stealers and Remote Control Worms: Example Prettypark worm sits on someone's computer and waits for the creator to call on it to retrieve information or send malicious code out. Peer-to-Peer Worms: Sent through e-mails and any peer-to-peer networks. E-mail Scripting Worms: Email that has code scripted inside so when you open the email your computer is infected. Mostly in corporate settings. ActiveX and Java Worms: Very rare but uses ActiveX to be deployed on the system

11 Second Generation Worms Polymorphic Worms: sends a virtually identical text message to everyone through e-mail and peer-to-peer. Retro Worms: These worms actively attack anti- virus software prevent themselves from being discovered. Stubborn Worms: The worms that prevent themselves from being unloaded from a system. Wireless Worms: These can attack palm pilots and other wireless devices.

12 Examination of Worms Epidemics Case Study on Mass E-mail Worms Easy to obtain “addresses” of other targets Homogenous e-mail makes spreading easy Humans are the biggest security risk: there's no need to find a back door into the system Corporate e-mail systems offer “one degree of separation” Why infect one other computer when you can infect 50 or 50,000 Spread to other computers as soon as they can Mailbox Penetration or computer penetration

13 Easy Ways to Exploit a System 1.Exploiting default passwords that have not been reset, to gain access to the system. 2.Using dictionary based password attacks to break into user accounts and remotely login to a system. 3.Using buffer overflows. 4.Exploitation of debugging facilities that are built into standard network services. 5.Attack of non-secured shared drives and peer- to-peer devices.

14 Case Study: Back Door Worms and The Internet Worm It’s easy to obtain “addresses” of other targets Homogeneous environments makes spreading easy Back door worms spread best unhindered Spread to other computers without user intervention

15 Case Study: Hybrid Worms and ExploreZip It’s easy to obtain “addresses” of other targets Homogeneous computers makes spreading easy The human is the biggest security risk; there’s no need to find a back door into the system It can Spread Slowly or Spread Quickly Mailbox penetration or computer penetration can happen Payload and trigger conditions affect the worms’ viability

16

17 Containment Proactive Steps Run Anti-virus Software on Servers, Gateways, and Desktops Remove “all company” Addresses from your lists Lock Down All Peer-to-Peer Networking Deploy Internal Firewalls Disable E-mail Script Capabilities Strip Executable Content From Incoming E-mail Use Heuristics and If Possible, Digital Immune System Technology

18 Active Infection If hit by a destructive Worm: Update File Server Permissions If hit by a data export Worm: Limit access to data and Networks If hit by an e-mail or arbitrary-protocol Worm infection: Distribute Virus definitions to gateways, e-mail servers and file servers first If hit by a file server-aware Worm infection: Distribute virus definitions to file servers first If hit by a back door Worm infection: Down all affected networks

19 Future Anti-worm Technologies Windows Memory Scanning and Repair Behavior Blockers Personal Firewalls Worm Heuristics Automated Worm Replication and Analysis

20 Future Containment Approaches Ubiquitous Authentication Policy-driven File/Macro-level Access Control Macro-free Products

Download ppt "Worms By: Aaron Stahler. Difference Between a Worm and A Virus Viruses are computer programs that are designed to spread themselves from one file to another."

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Computer Viruses.

Computer Viruses.
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.

INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Hierarchical file system Hierarchical file system - A hierarchical file system is how drives, folders, and files are displayed on an operating system.

Hierarchical file system Hierarchical file system - A hierarchical file system is how drives, folders, and files are displayed on an operating system.
R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.

R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.

MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Network and Internet Security SYSTEM SECURITY. Virus Countermeasures Antivirus approach ◦Ideal solution: Prevention ◦Not allowing the virus to infect.

Network and Internet Security SYSTEM SECURITY. Virus Countermeasures Antivirus approach ◦Ideal solution: Prevention ◦Not allowing the virus to infect.

Similar presentations

Ads by Google