18-07-2012, 04:03 PM
WORM PROPAGATION
Introduction
What is a worm?
A piece of software that propagates by exploiting vulnerabilities in software/applications
Self-propagating (distinct from a virus)
Self-replicating
Spreads easily through the Internet because of its open communication model
Classification of Worms
Target Discovery
How does a worm find new hosts to infect?
Carrier
How does it transmit itself to the target?
Activation
Mechanism by which the worm operates on the target
Payloads
What the worm carries to reach its goal
Target Discovery
Scanning
Sequential or Random
Permutation scanning
Bandwidth-limited scanning
Pre-Generated Target lists
“Hit-list” of probable victims
Externally/internally generated target lists
Topological Worm (Morris Worm)
Carrier (Propagation Mechanisms)
Self-carried
Actively transmits itself as part of the infection process
Second Channel
Requires a secondary communication channel
Example: Blaster (primary channel is RPC; secondary channel is TFTP)
Embedded
Appends itself to normal messages
Activation Mechanism
Human Activation
Slowest activation method
Melissa
Human activity-based
Windows Share worms like Nimda
Scheduled Process Activation
For example, unauthenticated automatic updates
Self Activation
Fastest method
Morris Worm
Topological Worm (6-10% of all Internet hosts infected)
First large-scale worm that targeted VAX, Sun Unix systems
Target Discovery
Scanning the local subnet
Activation
Self Activation
Propagation Mechanism (Self Carried)
Exploiting a fingerd buffer overflow
Payload
None