By: Sharad Sharma, Somya Verma, and Taranjit Pabla.


1 By: Sharad Sharma, Somya Verma, and Taranjit Pabla

2 What are worms?
- Exploits security or policy flaws in widely used services.
  - Vendor programs
  - Operating systems
- Infects the environment.

3 Worms vs. Viruses
- Worms are a subset of viruses
- Differ in method of attachment
  - Viruses attach to files for propagation
  - Worms propagate without attachment
- Viruses require user error.
- Worms use known exploits to propagate.

4 History of Computer Worms
- Christmas Tree Exec Worm
  - Rendered international computer networks unusable.
  - 1987
- Morris Worm
  - Created by Robert T. Morris
  - 1988
  - Fined $10,000 and sentenced to 3 years' probation

5 History of Computer Worms (continued)
- Melissa
  - 1999
  - Created by David L. Smith
- I Love You
  - 2000
  - Same mechanism as the Christmas Tree Exec Worm
- Slapper Worm
  - 2002
  - Exploited a problem in OpenSSL to run remote shells on other computers using certain versions of Apache

6 History of Computer Worms (continued)
- Other notable worms
  - 1260 polymorphic worm
    - 1990
    - First member of the chameleon family
  - Bubbleboy
    - 1999
  - Worm.ExploreZip
    - 1999

7 Worm Propagation
- Port scans over the network and Internet
  - Look for open TCP ports to use as an attack vector.
- Use a compromised machine to probe others or produce mass mailings.

8 Worm Propagation (continued)
- Some worms know how to look for vulnerabilities on systems with certain programs and configurations.

9 Mitigation and Defense
- Use a firewall
  - Software or hardware
- Anti-virus and anti-spyware programs
- Monitor the number of scans on the network
- Never open an attachment found in an unsolicited e-mail.
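An added example, not part of the original slides: one way to "monitor the number of scans on the network" is to flag any source whose connection attempts to a single TCP port reach many distinct hosts within a short window, which is the fan-out pattern that worm port scanning produces. The log format, addresses, and thresholds below are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_log():
    """Constructed connection log: 'timestamp src dst dst_port tcp_flags'."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    rows = []
    for i in range(12):   # worm-like host: 12 addresses, same port, 12 seconds
        rows.append((base + timedelta(seconds=i), "10.0.0.5", f"10.0.1.{i + 1}", 445))
    for i in range(30):   # busy client: 30 connections to a single server
        rows.append((base + timedelta(seconds=2 * i), "10.0.0.9", "10.0.1.20", 443))
    for i in range(12):   # backup job: 12 servers, but five minutes apart
        rows.append((base + timedelta(minutes=5 * i), "10.0.0.7", f"10.0.2.{i + 1}", 22))
    return [f"{ts.isoformat()} {src} {dst} {port} S" for ts, src, dst, port in rows]

def find_scanners(lines, window=timedelta(seconds=60), max_hosts=10):
    """Return {(src, port): peak} for sources whose SYNs to one port reach more
    than max_hosts distinct destinations inside any sliding time window."""
    events = defaultdict(list)                 # (src, port) -> [(time, dst)]
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or fields[4] != "S":
            continue                           # skip malformed rows and non-SYN packets
        ts, src, dst, port, _ = fields
        events[(src, int(port))].append((datetime.fromisoformat(ts), dst))
    alerts = {}
    for key, evs in events.items():
        evs.sort()
        in_window = defaultdict(int)           # dst -> SYNs currently inside the window
        start = peak = 0
        for ts, dst in evs:
            in_window[dst] += 1
            while ts - evs[start][0] > window:  # drop events older than the window
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_hosts:
            alerts[key] = peak
    return alerts

if __name__ == "__main__":
    for (src, port), peak in find_scanners(sample_log()).items():
        print(f"ALERT {src} contacted {peak} hosts on tcp/{port} within 60s")
```

Counting distinct destinations rather than raw connections keeps the busy single-server client from triggering the alert.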

10 Mitigation and Defense (continued)
- Access Control List
  - Monitor and restrict access to the network.
- Packet filtering
  - Firewall technique; monitors packets for compliance with user-defined rules.
- Null routing
  - Filters packets and ignores any packets matching certain criteria, acting as a limited firewall.
  - Useful in DDoS attacks.

11 Mitigation and Defense (continued)
- TCP Wrappers
  - Method of Access Control List security
  - Provides many layers of validity tests.
- Constant vigilance
- Education
- Be proactive.

12 Modern Worms - Stuxnet
- Truly identified in July 2010
- Target-oriented and supposedly aimed at the Iranian nuclear reactor in Bushehr and the enrichment facility at Natanz.
- Aimed specifically at industrial setups, mainly drives which operate over 600 Hz.
- Real form of cyber warfare

13 Modern Worms - Stuxnet (continued)
- Uses more than a single language.
- Capable of updating itself and P2P communication.
- Encrypted using FIPS 140-2 standards.
- Digital signatures used to slow down detection.
- Used all 4 zero-day vulnerabilities of Windows.
- First known rootkit for SCADA systems.

14 Protection From Stuxnet
- Follow Siemens guidelines.
- Shut down Internet access to avoid Stuxnet updates.
- Disallow the use of foreign USB drives.
- Use updated SCADA versions and Microsoft patches.

