A Taxonomy of Computer Worms
Ashish Gupta, Network Security, April 2004
Post on 21-Dec-2015
Worm vs a virus
1. Self propagates across the network
2. Exploits security or policy flaws in widely used services
3. Less mature defense today
Target Discovery
• Scanning: sequential, random
• Target Lists: pre-generated, external (game servers), internal
• Passive
Target Discovery
• Internal Target Lists
– Discover the local communication topology
– Similar to DV algorithm
– Very fast ??
• Function of shortest paths
– Any example ?
– Difficult to detect
• Suggests highly distributed sensors
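A detector for the two scanning styles listed under Target Discovery, as an added example that is not part of the original slides: it flags sources that reach many distinct addresses with mostly failed connections, then labels the target order as sequential or random. The record format, thresholds, function names and sample data are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

MIN_TARGETS = 20      # assumed threshold: distinct destinations before a source is suspect
MIN_FAIL_RATIO = 0.7  # assumed threshold: share of attempts that got no answer

def classify_sources(records):
    """records: iterable of (src, dst, ok) in time order. Returns {src: label}."""
    targets = defaultdict(list)   # src -> destinations in first-contact order
    seen = defaultdict(set)
    attempts = defaultdict(int)
    failures = defaultdict(int)
    for src, dst, ok in records:
        attempts[src] += 1
        failures[src] += 0 if ok else 1
        if dst not in seen[src]:
            seen[src].add(dst)
            targets[src].append(int(ipaddress.ip_address(dst)))
    labels = {}
    for src, addrs in targets.items():
        if len(addrs) < MIN_TARGETS or failures[src] / attempts[src] < MIN_FAIL_RATIO:
            labels[src] = "normal"
            continue
        # Sequential scanners walk the address space one neighbour at a time.
        steps = [b - a for a, b in zip(addrs, addrs[1:])]
        adjacent = sum(1 for s in steps if abs(s) == 1)
        labels[src] = "sequential-scan" if adjacent / len(steps) >= 0.8 else "random-scan"
    return labels

def constructed_sample():
    """Constructed records; sources and the sweep use documentation address ranges."""
    recs = []
    base = int(ipaddress.ip_address("198.51.100.1"))
    for i in range(40):   # sequential sweep, almost nothing answers
        recs.append(("192.0.2.5", str(ipaddress.ip_address(base + i)), i % 20 == 0))
    x = 12345
    for _ in range(40):   # pseudo-random targets from a fixed-seed LCG
        x = (1103515245 * x + 12345) % 2**31
        recs.append(("192.0.2.9", str(ipaddress.ip_address(x)), False))
    for i in range(60):   # ordinary client talking to three servers
        recs.append(("192.0.2.7", f"203.0.113.{10 + i % 3}", True))
    return recs

if __name__ == "__main__":
    for src, label in sorted(classify_sources(constructed_sample()).items()):
        print(src, label)
```

A worm that works from a target list or discovers targets passively produces few failed connections and would not trip this check.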
Toolkit potential
• http://smf.chat.ru/e_dvl_news.htm
• http://viruszone.by.ru/create.html
• http://lcamtuf.coredump.cx/worm.txt Worm tutorial
Carrier
• Self-Carried: active transmission
• Second Channel: e.g. RPC, TFTP (Blaster worm)
• Embedded: e.g. web requests
Activation
• Human Activation: social engineering, e.g. MyDoom SCO Killer!
• Human activity-based activation: e.g. logging in, rebooting
• Scheduled process activation: e.g. updates, backup etc.
• Self Activation: e.g. Code Red
Payload
• Internet Remote Control
• Internet DoS: paper's dream realized
• Data Damage: Chernobyl, Klez
• Physical World Damage
• Human control: blackmail!
Attacker
• Curiosity
• Pride and Power
• Commercial Advantage
• Extortion and criminal gain
• Terrorism Example
• Cyber Warfare
Theodore Kaczynski
• Born in Chicago
• Extremely gifted as a child
• American terrorist who attempted to fight against what he perceived as the evils of technological progress
• Eighteen-year-long campaign of sending mail bombs to various people, killing three and wounding 29
• The first mail bomb was sent in late 1978 to Prof. Buckley Crist at Northwestern University