A Taxonomy of Computer Worms Nicholas Weaver, Vern Paxson, Stuart Staniford, and Robert Cunningham ACM WORM 2003 Speaker: Chang Huan Wu 2008/8/8.


1 A Taxonomy of Computer Worms Nicholas Weaver, Vern Paxson, Stuart Staniford, and Robert Cunningham ACM WORM 2003 Speaker: Chang Huan Wu 2008/8/8

2 Outline
Introduction
Classification of Worms
– Target Discovery
– Carrier
– Activation
– Payloads
– Attackers
Conclusions

3 Introduction
What is a computer worm?
– A program that propagates using vulnerabilities in software/applications
– Self-propagating (distinct from a virus)
– Self-replicating
In order to understand the worm threat, it is necessary to understand the various types of worms, payloads, and attackers

4 Target Discovery (1/3)
Scanning
– Sequential & Random
– Optimization
    Preference for local addresses: the same OS and applications tend to be used within a sub-network
    Permutation scanning: uses distributed coordination to scan more effectively
    Bandwidth-limited scanning: does not wait for a response
– Anomalous compared with normal Internet traffic

5 Target Discovery (2/3)
Pre-generated Target Lists
– The attacker makes a target list in advance
Externally Generated Target Lists
– Metaservers keep a list of all the servers that are currently active (Ex. online games)
Internal Target Lists
– The victim’s applications contain information about other hosts

6 Target Discovery (3/3)
Passive
– Wait for potential victims to contact the worm (Ex. unpatched browser)
– Rely on user behavior to discover new targets
Contagion worms rely on normal communication to discover new victims
– No anomalous traffic patterns during target discovery

7 Carrier (1/2)
Self-Carried
– Transmits itself as part of the infection process
Second Channel
– Requires a secondary communication channel to complete the infection (Ex. Blaster: the exploit uses RPC, and the worm body is downloaded by TFTP)

8 Carrier (2/2)
Embedded
– Sends itself as part of a normal communication channel, either appending to or replacing normal messages
– Usually used by passive worms
– Relatively stealthy

9 Activation (1/3)
Human Activation
– Convince a local user to execute the worm
– The slowest activation approach
Human Activity-Based Activation
– Activated when the user performs some activity not normally related to a worm (Ex. resetting the machine, logging in)

10 Activation (2/3)
Scheduled Process Activation
– Unauthorized auto-updater programs
– Ex. Use DNS redirection attack to serve a file to the desktop system to infect the target

11 Activation (3/3)
Self Activation
– Initiate their own execution by exploiting vulnerabilities in services that are always on and available
– The fastest activation approach

12 Payloads (1/2)
None/nonfunctional
Internet Remote Control
Spam-Relays
Internet DoS
Access for Sale

13 Payloads (2/2)
Data Collection
Data Damage
Physical-world DoS
– Use attached modems to dial emergency services
Physical-world Damage
– Reflashing BIOS
…

14 Attackers (1/2)
Experimental Curiosity
– Continual tendency for various individuals to experiment with viruses and worms
Pride and Power
– A desire to acquire power, to show off their knowledge and ability to inflict harm on others
Commercial Advantage
– Profit by manipulating financial markets via a synthetic economic disaster

15 Attackers (2/2)
Extortion and Criminal Gain
– Credit-card information
Random Protest
– Disrupt networks and infrastructure
Political Protest
Terrorism
Cyber Warfare

16 Conclusion
Developed a taxonomy of worms
– Target discovery, Carrier, Activation, Payloads, Attackers
– The carrier, activation, and payload are independent of each other, and describe the worm itself
– Sometimes the easiest way to defend against a worm is to remove the motivation for writing a worm in the first place

17 Comments
Classify worms in many dimensions
Different mechanisms of Target Discovery / Carrier / Activation generate different traffic behaviors
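
The Target Discovery slides note that scanning looks anomalous next to normal traffic, and the Comments slide notes that different discovery mechanisms generate different traffic behaviors. The detector below is an added example, not taken from the paper or the slides: it flags scanning sources in constructed flow records by fan-out and failure ratio, then labels the scan style. The thresholds, the /16 "local" boundary and every address are assumptions.

```python
import ipaddress
from collections import defaultdict

MIN_FANOUT = 20        # assumed threshold: distinct destinations per window
MIN_FAIL_RATIO = 0.7   # assumed threshold: share of failed connection attempts
LOCAL_PREFIX = 16      # assumed definition of "local addresses"

def classify_sources(flows):
    """Map each source to 'normal' or to a scanning style from the taxonomy."""
    by_src = defaultdict(list)
    for src, dst, ok in flows:
        by_src[src].append((int(ipaddress.ip_address(dst)), ok))
    verdicts = {}
    for src, recs in by_src.items():
        dsts = sorted({d for d, _ in recs})
        fail_ratio = sum(not ok for _, ok in recs) / len(recs)
        # Scanning probes many hosts and mostly hits addresses that do not answer.
        if len(dsts) < MIN_FANOUT or fail_ratio < MIN_FAIL_RATIO:
            verdicts[src] = "normal"
            continue
        gaps = [b - a for a, b in zip(dsts, dsts[1:])]
        local_net = ipaddress.ip_network(f"{src}/{LOCAL_PREFIX}", strict=False)
        n_local = sum(ipaddress.ip_address(d) in local_net for d in dsts)
        if gaps.count(1) / len(gaps) >= 0.8:       # consecutive addresses
            verdicts[src] = "sequential scan"
        elif n_local / len(dsts) >= 0.8:           # stays inside its own network
            verdicts[src] = "local-preference scan"
        else:
            verdicts[src] = "random scan"
    return verdicts

def _ip(n):
    return str(ipaddress.ip_address(n))

# Constructed flow records: (source, destination, connection_succeeded)
FLOWS = (
    [("10.1.1.5", f"10.1.2.{i}", False) for i in range(1, 41)]
    + [("10.1.1.7", f"10.1.{i * 37 % 256}.{i * 91 % 256}", False) for i in range(1, 41)]
    + [("10.1.1.9", _ip(i * 2654435761 % 2**32), False) for i in range(1, 41)]
    + [("10.1.1.20", f"10.1.0.{i}", True) for i in range(1, 6)]
)

if __name__ == "__main__":
    for source, verdict in classify_sources(FLOWS).items():
        print(source, verdict)
```

Passive and contagion worms would pass this check as "normal", which matches the slide's point that they produce no anomalous traffic during target discovery.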

