Definition of Worms
Worms are self-replicating computer programs. A worm is self-contained and does not need to be part of another program to propagate itself. Worms are often designed to exploit the file transmission capabilities found on many computers.
Worms
The Forensics of the Zotob Worm-Bot
Internet Security Systems (ISS) customers have been wondering what they should expect with regard to the Zotob worm because the behavior currently being exhibited is not the same behavior as past worms. This white paper describes why the Zotob worm behaves differently, why customers are experiencing different activity on the network and how ISS products can be configured to identify more details about this worm.
Mass-Mailing Worms: Prevention, Detection and Response (A Case Study)
In this paper I describe the approaches to mass-mailing worm prevention, detection, and incident response that I have developed and used on a large university network. The prevention strategy has encompassed user education and awareness, desktop anti-virus policy, and minimally invasive server-based filtering of incoming email, while the approach to worm detection is based on detecting traffic patterns of worm behavior on the network itself, using readily available open source tools, including the argus real time flow monitor and the Perl scripting language. In this paper I present results which demonstrate the efficacy of our strategies for prevention, behavior-based (as opposed to signature-based) detection, and recovery, and I discuss future directions based on lessons learned to date.
Internet Worms: Walking on Unstable Ground
As we have seen recently, worms in the wild have been getting progressively more sophisticated and dangerous. Each of these worms has prompted behavior to make systems more secure. Administrators implement controls that increase their level of defense in depth. Firewall rules are updated; important servers are segmented from the network; host security is increased by current patches being applied and unneeded services being removed; more thought is put into application security; anti-virus definitions are updated; and users are informed about what they can do to prevent the network from being attacked.
Worm Propagation and Countermeasures
This paper is an attempt to approach the problem of worm control in a systematic fashion. Beginning with a motivating discussion of the current threat posed by worms, it moves on to examine a selection of the most notorious worms both old and new. Highlighting the commonalities of these worms allows for the synthesis of a general model of worm propagation. Analysis of this model shows that the process of worm propagation has a number of steps, each one of which can potentially be disrupted through the deployment of the appropriate security technology. A discussion then follows of the technologies that can be deployed at each step to prevent, contain, or slow the spread of worms.
Slow Down Internet Worms With Tarpits
The recent and prolific spread of Internet worms has yet again demonstrated the vulnerability of network hosts, and it's clear that new approaches to worm containment need to be investigated. In this article, we'll discuss a new twist on an under-utilized technology: the tarpit.
Introduction to Database and Application Worms
In the recent past, a new set of threats has emerged: worms that propagate through vulnerabilities in databases rather than through more traditional operating system or web server holes. Despite their lack of sophistication, these worms have been somewhat successful because of the poor state of database security. Security in databases has generally been ignored and the threat management of these applications has been non-existent.
What is Santy bringing you this year?
The purpose of this paper is to provide the community insight into the Santy worm released around Christmas 2004. This worm exploits a bug in the popular phpBB forum software.