Eaten by the Worms
The perils of network hostile code
Dr Neil Barrett, Technical Director - IRM Plc
Slide footer: 1 June 2014, © IRM Plc 2001


Slide 1: Eaten by the Worms
The perils of network hostile code
Dr Neil Barrett, Technical Director - IRM Plc
27th September 2001 – Hong Kong

Slide 2: Introduction
- Nature and development of Computer Worms
- Risk elements and damage potential
- Responses and preparation work
- Future of worms
- Conclusion

Slide 3: What is a Computer Worm?
- A self-replicating program
- Copies itself from system to system
- Free-standing and complete
- Not really a virus
- But can carry a hostile Payload

Slide 4: Where did Worms come from?
- Self-replicating programs in early 1984
- By mid 1984 had become network mobile
- First viruses start to be proposed
- By 1985, self-replicating programs through trust networks
- Hostile viruses arise
- And then along came Robert Morris Jnr…

Slide 5: The Morris Worm - 1988
- First true Exploit Worm
- Used a security weakness to force replication
  – I.e., outside of the trust network
- Also followed trust network, but interest is in the exploit aspects
- Used a then new trick called Buffer Overflows

Slide 6: The Morris Worm (2)
- Buffer overflows first proposed by Morris Snr
- Now well known, but then very new
- Allowed worm to be an automated hacker
- Did nothing deliberately damaging
  – Indeed, believed to have been loosed accidentally
- But resulted in system flooding

Slide 7: Worms since Morris
- Took a few years for subsequent worms
- More interest in viruses
- Worms scripted to use emerging exploits
  – E.g., Word macro, Unicode, etc
- Slowly became objective focused

Slide 8: Development of Worms
- Most early worms achieved no objective
- Damage resulted from flooding or from panic
- Solitary objective was self-propagation
- More recent worms grab and copy some information
  – E.g., PGP information
- Some military use of focused worms

Slide 9: How do Modern Worms Work?
- E.g., NIMDA spread from server to server through Web exploits
- Spread from client to client through executables
  – I.e., persuasive mail attachments
- Potential for uncontrollable executables
  – I.e., Web pages, Outlook preview panel, etc

Slide 10: Risk Elements and Damage Potential
- Essentially threefold
- Flooding and related panic behavior
  – System shutdown and associated costs
- Or information leakage
  – Leakage is so far only limited
- Or a set of destructive payloads
  – I.e., resetting BIOS and system information

Slide 11: How Great a Risk?
- Reputation, financial, security risks
- Damage, disclosure or distrust of stored information
- Costs of repair or of business loss
- Reputation risks depend on worm publicity profile
  – I.e., wide spreading worm carries low reputation risk

Slide 12: Countermeasures
- Best approach is to know one's exposure
- Not virus related
- But hacker related
- Best option is to have had focused, audit-based penetration testing
  – Because worms now use well-known hacking tricks
  – These can be looked for and removed

Slide 13: Countermeasures (2)
- Constant system monitoring and correction of known existing weaknesses
- A culture of security awareness
  – Limits executable tricks
- An alert system management staff
  – That are a part of the community
- No Head in the Sand attitude
  – Share information and experiences

Slide 14: Future
- No reason at all to believe that worms will stop!
- Increasing sophistication
  – More clever option controls
  – Multiple exploit selection
  – Multi-platform and multi-environment
- Increasing incidence of hostile intent
- Growth into non-IP environment
  – Mobile phones? PDA?

Slide 15: Conclusion
- Best defense comes from knowledge
- Knowledge comes from testing
- Correct the faults shown through testing
- Share information with others
- Don't expect this problem to go away!

Slide 16: Thank You!
Dr Neil Barrett, Technical Director – IRM Plc
Tel: + 44 (0) 20 7808 6420
Neil.Barrett@IRMPLC.com
Richard Stagg, Managing Consultant – IRM Asia
Level 30 Bank of China Tower
Tel: 2251 8291
Richard.Stagg@IRMPLC.com

