Overview of Code Red or What is this (04/15/2004)
This paper presents a Network Administrator's perspective on gaining preliminary information about the nature and details of Code Red. It also collects a number of valuable references for others hoping to learn more about the worm, how it works, and buffer overflow vulnerabilities in general.

July 2001: Indicative of the (04/15/2004)
One of the reasons security issues have reached such a high profile, as noted by the AICPA and many other businesses and security organizations, is the incessant battery of viruses that are coded with each passing month. This paper discusses the rise in attacks from worms. It also discusses two worms that made security headlines throughout the month of July 2001, the essence of their structure, and how to neutralize the infections. Finally, the paper looks at preventative measures a company can take at both the perimeter and internal levels to help reduce its possible exposure to worms.

Cheese Worm: Pros and Cons of a Friendly Worm (04/15/2004)
Malware is the current name for all of those ruthless pieces of code that are currently infecting various machines around the world. Malware consists of two different types of infections. The first is the virus. According to the Symantec Anti Virus Research Center (SARC), a virus is a computer program designed to spread itself from one file to another on a single computer; it does not try to spread itself to other computers. Viruses are typically spread by users trading files or sending emails to each other. The second type of malware is known as a worm. A worm, unlike a virus, tries to spread to other computers without human intervention.

Code Red: The One to Not (04/15/2004)
On July 19, 2001 a worm propagated itself through the Internet to infect over 250,000 computers in an unheralded nine hours, causing a flood of data that slowed the Internet by 40 percent. The website Incidents.org, which is run by the SANS Institute and is designated to monitor network threats, jumped from a green to an orange threat level (the second highest level in its four-level ranking system) due to the threat of the worm. The worm, dubbed "Code Red" after the caffeinated cherry flavored Mt. Dew beverage that the members of eEye Digital Security consumed while decompiling the worm's code, is unique because it incorporates hacker techniques for attacking computer systems. Not only does the worm spread to other computers via random IP range scans, but it also has the ability to deface web pages, as well as launch a Distributed Denial of Service (DDoS) attack on an IP address which houses the Whitehouse web page.

The Nimda Worm: An Overview (04/15/2004)
The goal of this paper is to review how Nimda propagates, focus on the initial vulnerabilities it exploits to enter an organization, and describe what preparations could have been made to prevent exploitation in the first place. On September 18, 2001, a new fast-spreading worm named "Nimda" appeared on the Internet; its lifecycle disrupted the confidentiality, integrity and availability of different resources throughout the Internet. Despite being new, Nimda exploited several well-known and correctable vulnerabilities on Microsoft Windows 9x, ME, NT, and 2000 systems. Properly closing these vulnerabilities in advance could have significantly slowed its spread.

Overview of Nimda (04/15/2004)
September 18th, 2001 was my first encounter with Nimda, along with many other people. In this paper I describe my initial thoughts and reactions to this. I was researching a scan that had happened earlier that morning when the IDS began to flood me with alerts. This was just the beginning of a very long couple of days for a lot of people, including myself. This worm hit with such vengeance that I had problems gathering information, as the logs and IDS alerts were growing so fast I could not read them effectively. I began to wonder, "Was this a denial of service attack aimed at us?" or "Was this another variant of Code Red?" I took a breath and began copying logs from different devices for evaluation of the situation. From scanning my logs and the quick glimpse that I was able to get at the IDS, I found this was not a targeted attack. It was randomly hitting our network and eventually hit every external IP address within the environment. I then checked my e-mails, etc., to make sure this was not a planned scan.

Nimda Worm - Why is it Different? (04/15/2004)
This paper will examine the Nimda worm to identify what makes it different from other types of malicious code. It will then present the current fixes available for the worm as well as some recommendations for protecting against further infections by similar types of malicious code. On September 18, 2001 a number of sites noticed greatly increased traffic on port 80. This was the first indication of a new worm or virus spreading throughout the Internet. The Nimda worm spread very rapidly, infecting a large number of computers around the world in a very short period of time. The majority of sites returned to near normal traffic in a few days. The Nimda worm should have taught us a few lessons. Let's hope we learned the lessons well. What made the Nimda worm different from other worms that have been in circulation lately? Why was this any different or more harmful than the others? Why was it able to spread so rapidly?

Worms don't care who you are (04/15/2004)
Worms don't care who you are. Whether you are a major financial institution or just a home user, if you have a system connected to the Internet you are at risk. To illustrate this we'll examine four major worms: Code Red, Code Red II, Nimda and SQLSnake, discuss the scope of the problem and its effect on your systems, and cover some steps to prevent you from becoming yet another statistic. How many times have you been told, "You worry too much about security, it's not like we're a bank"? Or perhaps you're the one that has said something similar when the issue of network security came up. Attitudes like this are one of the biggest reasons why worms have been, and continue to be, so successful.

Overview of the Slapper worm (04/15/2004)
Slapper (specifically Slapper.A) is an Internet worm that attacks Apache web servers running on any one of a number of Linux distributions on Intel platforms. The worm is self-propagating, actively seeking servers to infect via a previously undisclosed exploit for a known vulnerability in OpenSSL. The worm may also be referred to as the Apache/mod_ssl worm. It is the intent of this paper to look at not only what Slapper does, but why and how (with special emphasis on the buffer overflow employed). For purposes of this paper, the term Slapper will refer to Slapper.A unless otherwise designated.

KLEZ.H: From Propagation to Prevention (04/15/2004)
This study reviews the properties of the Klez.H worm, key findings from a set of infection experiments, and some of the network security tools needed to detect Klez.H infection. Both reported results and new, previously unreported findings from this study show that Klez.H exploits several known vulnerabilities from the SANS/FBI Top 20 List to propagate and infect local and remote computers on a Local Area Network. These include a sleep/wake routine for scanning the network for new files and directories to infect, creation and deletion of stealth processes for file infection, creation of root level shares with Full Control permissions for Everyone, and the creation of a back door Internet bot on port 1027. The experimental results of this study highlight that virus protection involves not only downloading and updating new virus signatures, but also deploying secondary security measures beyond antivirus patterns and scanning routines.
