Mass-Mailing Worms: Prevention, Detection and Response (A Case Study)
In this paper I describe the approaches to mass-mailing worm prevention, detection, and incident response that I have developed and used on a large university network. The prevention strategy has encompassed user education and awareness, desktop anti-virus policy, and minimally invasive server-based filtering of incoming email, while the approach to worm detection is based on detecting traffic patterns of worm behavior on the network itself, using readily available open source tools, including the argus real time flow monitor and the Perl scripting language. In this paper I present results which demonstrate the efficacy of our strategies for prevention, behavior-based (as opposed to signature-based) detection, and recovery, and I discuss future directions based on lessons learned to date.
04/15/2004
|
|
Internet Worms: Walking on Unstable Ground
Each day, worms are becoming a more common occurrence on the Internet. As the incidents increase, we must be thinking proactively in order to lessen the negative effects these worms have on the Internet community. It is important to remember that the livelihood of many businesses is based on an Internet presence. The monetary losses incurred by businesses relating to these worms are hard to measure. Some estimate losses for each occurrence to be around $1 billion. The true value of damages may never be known. Many companies prefer not to publicly report losses since they do not want to diminish customer confidence in their services.
04/15/2004
|
|
Simulating Network Worms
This paper describes the design and use of a framework in which to simulate network worms. Includes examples of simulations of most network worms (ADM, Code Red I vs Code Red II, 1i0n vs cheese) albeit in a 16-bit address space. Lots of code and coding examples.
04/15/2004
|
|
Slammer: Before, During and After
The Internet was built to provide flexibility and easy connectivity; however, these qualities of the Internet raise major security concerns that they could be exploited to disrupt our daily lives. One such disruption was the spread of the Slammer/Sapphire worm, which happened on January 25th, 2003. During the spread of the worm, many lost their Internet connection, were not able to use ATMs, or saw their flights delayed directly due to the worm's activity.
04/10/2004
|
|
Web Application Worms: Myth or Reality?
This paper discusses the possibility of automated, self-propagating attacks on custom web application code. It shows that such attacks are not only feasible but that their theoretical success rate is far greater than worms targeting commercial infrastructure.
03/31/2004
|
|
Virus, Worm & Spam Costs 1: An Episode at the University of Florida
MSBlast, SoBig, and NACHI attacked users on the networks at the University of Florida (UF) in mid-August, 2003. Almost all academic and administrative groups were affected directly or indirectly by these viruses, worms, and spam (VWS). By the end of the first week of September, 2003, an extensive cleanup and maintenance effort was in process across the 85,000-member UF community. And, the UF Provost for IT requested an estimate of the costs of the episode to the UF.
03/24/2004
|
|
A Comparison Study of Three Worm Families and Their Propagation in a Network
Malicious code, also referred to by common terms such as viruses, worms, and trojans, is a significant component of the scope of attacks that a modern IT organization must be prepared to defend against if they are operating with any Internet connectivity at all. The general term of malicious code, an umbrella term, is used to describe any code that performs unsolicited activity without the authorization of the user, and the more common and specific terms are often seen in technical write-ups of specific instances, or in the press due to their widespread recognition.
03/23/2004
|
|
Inside the Stages worm
Recent e-mail worm incidents have attracted so much media coverage that one might expect users, as a group, to be more wary of running emailed attachments. However, following the June 2000 in-the-wild appearance of his creation, VBS.Stages, infamous Argentinean virus writer Zulu has aptly demonstrated the folly of this assumption.
03/23/2004
|
|
Effects of Worms on Internet Routing Stability
The impact of worms on the Internet has increased significantly over the past five years; in particular, worms such as CodeRed II, NIMDA, and the more recent SQL Slammer prove that the ability to effectively impact the Internet overall is here. This impact is not only felt at the connection endpoint where the worm takes residence and replicates itself but also on the infrastructure in-between. In the period of time that CodeRed II infection was at its most severe levels, a unique effect began to be observed whereby global routing instability was detected throughout the Internet.
03/23/2004
|
|
Building Anna Kournikova: An Analysis of the VBSWG Worm Kit
The Homepage and the Anna Kournikova worms are two high-profile examples of the VBS/VBSWG@mm family of Visual Basic Script worms. These worms are generated by the VBSWG kit, one of the many virus-generating kits that are easily available on the Internet. These kits make writing a virus a simple, straightforward and unskilled task. Given the prominence of this kit, and its related worms, it would be useful for security and virus professionals to better understand it. With this in mind, this article will analyze the VBSWG kit itself (version 1.50b) and will discuss its functionality in detail. This discussion will also explain the attack points by which heuristic engines can detect all possible generations of the VBS/VBSWG@mm worms.
03/23/2004
|
|