Write short notes on Worms in brief?

It’s a replicating but not infecting program

  1. typically spreads over a network
    • cf Morris Internet Worm in 1988
  2. using users distributed privileges or by exploiting system vulnerabilities
  3. widely used by hackers to create zombie PC’s, subsequently used for further attacks, esp DoS
  4. major issue is lack of security of permanently connected systems, esp PC’s
  5. Worm Operations: Worm phases like those of viruses:
    • dormant
    • propagation
      • search for other systems to infect
      • establish connection to target remote system
      • replicate self onto remote system
    • triggering
    • execution

Morris Worm: best known classic worm

    1. released by Robert Morris in 1988
    2. targeted Unix systems
    3. using several propagation techniques
    4. if any attack succeeds then replicated self

Recent Worm Attacks: New spate of attacks from mid-2001

    1. Code Red
      • exploited bug in MS Internet Information Services (IIS) to penetrate & spread
      • searches random IPs for systems running IIS
      • had trigger time for denial-of-service attack
      • infected 360000 servers in 14 hours
    2. Code Red 2
      • had backdoor installed to allow remote control
    3. Nimda
      • used multiple infection mechanisms
        • email, shares, web client, IIS, Code Red 2 backdoor

Leave a Reply

Your email address will not be published. Required fields are marked *