
How do worms work? Vivek Ramachandran Nagraj – An Indian comic book hero, who commands all the snakes of the world.


1 How do worms work?
Vivek Ramachandran
Nagraj – An Indian comic book hero, who commands all the snakes of the world.

2 Disclaimer
- This tutorial is to understand how worms work!
- I wrote my own “nice worm” at IIT Guwahati to understand more about worms and their spreading pattern and behavior
- If you use this knowledge to do unethical stuff like releasing a worm – the liability is yours!
- Stop watching this video NOW if you have any malicious intent in mind!

3 Talk Outline
- What are worms?
- The life cycle of a simple worm:
  - scanning for a victim
  - exploiting the victim
  - cloning itself onto the victim
  - running the clone to further spread infection
  - stealth techniques used to hide itself
- What will we code in this section?

4 What are worms?
- A worm is a self-replicating program
- Self-replicating => it makes copies of itself and sends them over to hosts across a network
- All copies have the same functionality and generally lack any sort of synchronization among themselves
- Worms are hated because:
  - Bandwidth consumption
  - Might crash computers they infect
  - Infected computers may be used for other attacks such as DDoS, phishing attacks, etc.

5 Types of worms
- Network worms – generally exploit a service such as RPC and spread
- Email worms – use mass emails to spread and either target the email client (Outlook) or rely on user intervention (a click) to spread
- IRC worms …
- IM worms …
- File sharing worms …
- XSS worms – MySpace ?? …

6 The life cycle of a simple worm
- Scanning for a victim
- Exploiting the victim
- Cloning itself onto the victim
- Running the clone to further spread infection
- Stealth techniques used to hide itself

7 The life of a worm …
[Diagram: steps (1) and (2); label: Victim]

8 The life of a worm
[Diagram labels: Worm created; Victim found; Scans for Victim; Send Exploit; Get a copy; Scan; Rooted !!]

9 Scanning for a victim
- Random scan – random IP
- Selective random scan – IP from global and local routing addresses
- Full scan – scan all IP addresses
- Divide and conquer scan – divide IP addresses among child worms
- Subnet scan – detect and scan local subnet
- Etc.
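
Each scanning strategy on slide 9 leaves a different footprint in connection logs, which is what a defender can key on. The following is an added example, not code from the presentation: it flags hosts that contact many distinct addresses with mostly failed handshakes and labels the pattern as subnet, sequential or random. The record layout, the thresholds and the /24 local-subnet size are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict

def sample_events():
    """Constructed records: (source, destination, dest port, handshake completed)."""
    ev = [("10.0.5.7", f"10.0.5.{i}", 445, i == 20) for i in range(10, 40)]
    ev += [("10.0.5.9", f"172.16.3.{i}", 135, False) for i in range(1, 31)]
    ev += [("10.0.5.11",
            f"{i * 37 % 223 + 1}.{i * 91 % 256}.{i * 53 % 256}.{i * 17 % 254 + 1}",
            135, False) for i in range(30)]
    ev += [("10.0.5.20", "10.0.9.5", 443, True)] * 40   # ordinary client
    return ev

def classify_scanners(events, min_targets=20, max_success=0.2, prefix=24):
    """Return {source: (port, pattern)} for hosts that look like scanners.

    Thresholds and the /24 "local subnet" size are assumptions to tune per network.
    """
    targets = defaultdict(set)
    attempts = defaultdict(int)
    completed = defaultdict(int)
    for src, dst, dport, established in events:
        key = (src, dport)
        targets[key].add(int(ipaddress.ip_address(dst)))
        attempts[key] += 1
        completed[key] += bool(established)

    verdicts = {}
    for key, dsts in targets.items():
        src, dport = key
        # A scanner touches many distinct hosts and most attempts fail.
        if len(dsts) < min_targets or completed[key] / attempts[key] > max_success:
            continue
        local = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        ordered = sorted(dsts)
        adjacent = sum(b - a == 1 for a, b in zip(ordered, ordered[1:]))
        if all(ipaddress.ip_address(d) in local for d in ordered):
            pattern = "subnet scan"          # stays inside the source's own subnet
        elif adjacent >= 0.8 * (len(ordered) - 1):
            pattern = "sequential scan"      # walks consecutive addresses
        else:
            pattern = "random scan"          # scattered across the address space
        verdicts[src] = (dport, pattern)
    return verdicts

if __name__ == "__main__":
    for host, (port, pattern) in classify_scanners(sample_events()).items():
        print(f"{host}: {pattern} on port {port}")
```
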

10 Exploiting the victim
- What is an exploit? – simply put: a piece of code which provides “access” to a victim computer by utilizing some flaw in the logic of a program running on the victim computer
- By “access” I mean the ability to run commands/programs on the remote computer
- Network worms use what is called a “remote exploit” – an exploit which can be launched remotely and which gives some code running privileges on the victim
- Find a suitable exploit to use in the worm
- Understand the exploit
  - Black box approach (wrapper around the exploit)
  - White box approach (modifying the exploit)

11 Cloning itself onto the victim
- Once the victim has been exploited the worm needs to get a copy of itself on the victim
- Tftp?? Blaster worm
- Http server ??
- Ftp server ??
- Compile source??
- Include worm in the shellcode??
- …

12 Running the clone to further spread infection
- Once the clone has been downloaded run it
- Make it a service??
- Add a registry entry for startup??
- …
- Clone starts scanning again
- Clone finds a victim
- Cycle continues …

13 Stealth techniques used to hide itself
- Hide process
- Hide files
- Hide activity
- Delete logs
- …rootkit…??

14 The life of a worm
[Diagram labels: Worm created; Victim found; Scans for Victim; Send Exploit; Get a copy; Scan; Rooted !!]

15 What will we code in this section?
- IP scanner code (random, sequential, subnet scans)
- Understanding an exploit enough so you can use it
- Transporting a copy of the worm
- A simple framework for making worms whenever an exploit is released

16 Let the games begin!

