By: Sharad Sharma, Somya Verma, and Taranjit Pabla

HISTORY, MITIGATION, AND PROPAGATION OF COMPUTER WORMS.

What are worms?

Exploits security or policy flaws in widely used services.
  Vendor programs
  Operating systems

Infects environment.

Worms vs. Viruses

Worms are a subset of Viruses

Differ in method of attachment
  Viruses attach to files for propagation
  Worms propagate without attachment

Viruses require user error.

Worms use known exploits to propagate.

History of Computer Worms

Christmas Tree Exec Worm
  Rendered international computer networks unusable.
  1987

Morris Worm
  Created by Robert T. Morris
  1988
  Fined $10,000 and sentenced to 3 years probation

History of Computer Worms (continued)

Melissa
  1999
  Created by David L. Smith

I Love You
  2000
  Same mechanism as the Christmas Tree Exec Worm

Slapper Worm
  2002
  Exploited a problem in OpenSSL to run remote shells on other computers using certain versions of Apache

History of Computer Worms (continued)

Other notable worms

1260 polymorphic worm
  1990
  First member of the chameleon family

Bubbleboy
  1999

Worm.ExploreZip
  1999

Worm Propagation

Port scans over the network and Internet

Look for open TCP ports to use as an attack vector.

Use compromised machine to probe others or produce mass mailings.

Worm Propagation (continued)

Some worms know how to look for vulnerabilities on systems with certain programs and configurations.

Mitigation and Defense.

Use a firewall
  Software or hardware

Anti-virus and Anti-spyware programs

Monitor number of scans on the network

Never open an attachment found in an unsolicited e-mail.
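
One way to act on "Monitor number of scans on the network", as an added example that is not part of the original slides: count how many distinct destinations each source sends connection attempts to inside a sliding window and flag worm-like fan-out. The log format (`epoch src dst dport flags`), the 60-second window and the threshold of 20 are assumptions, and the records are constructed.

```python
from collections import defaultdict, deque

def parse(line):
    """Parse 'epoch src dst dport flags' (assumed format); None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, flags = parts
    try:
        return float(ts), src, dst, int(dport), flags
    except ValueError:
        return None

def find_scanners(lines, window=60.0, threshold=20):
    """Map each source to its peak count of distinct (dst, port) targets
    SYN'd within `window` seconds, keeping sources that reach `threshold`.
    Records are assumed to arrive in time order."""
    recent = defaultdict(deque)            # src -> (ts, target) pairs in window
    peak = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None or rec[4] != "S":   # count bare SYN attempts only
            continue
        ts, src, dst, dport, _ = rec
        q = recent[src]
        q.append((ts, (dst, dport)))
        while ts - q[0][0] > window:       # expire attempts older than window
            q.popleft()
        peak[src] = max(peak[src], len({target for _, target in q}))
    return {src: n for src, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed flow records for illustration, not captured traffic."""
    lines = ["malformed record"]
    for i in range(30):    # 10.0.0.5 sweeps 30 hosts on TCP 445 in 30 s
        lines.append(f"{100 + i} 10.0.0.5 10.0.1.{i + 1} 445 S")
    for i in range(40):    # 10.0.0.9 keeps reconnecting to the same 3 servers
        lines.append(f"{100 + i} 10.0.0.9 10.0.2.{i % 3 + 1} 443 S")
    for i in range(25):    # 10.0.0.7 probes slowly: one new host every 10 s
        lines.append(f"{100 + 10 * i} 10.0.0.7 10.0.3.{i + 1} 22 S")
    return lines

if __name__ == "__main__":
    for src, n in find_scanners(sample_log()).items():
        print(f"{src}: {n} distinct targets in 60 s")
```

The busy but ordinary client 10.0.0.9 is not flagged because it only ever reaches three servers, while the slow source 10.0.0.7 peaks at 7 targets per window, so the window and threshold need tuning against baseline traffic.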

Mitigation and Defense (continued).

Access Control List
  Monitor and restrict access to network.

Packet Filtering
  Firewall technique, monitors packets for compliance with user-defined rules.

Null routing
  Filters packets and ignores any packets matching certain criteria, acting as a limited firewall.
  Useful in DDoS attacks.

Mitigation and Defense (continued).

TCP Wrappers
  Method of Access Control List Security
  Provides many layers of validity tests.

Constant vigilance
  Education
  Be proactive.

Modern Worms - Stuxnet

Truly identified in July 2010

Target-oriented and supposedly aimed at the Iranian nuclear reactor in Bushehr and the enrichment facility at Natanz.

Aimed specifically at industrial setups, mainly drives which operate over 600 Hz.

Real form of Cyber Warfare

Modern Worms – Stuxnet (Continued)

Uses more than a single language.

Capable of updating itself and P2P communication.

Encrypted using FIPS 140-2 Standards.

Digital signatures used to slow down detection.

Used all 4 zero-day vulnerabilities of Windows.

First known rootkit for SCADA systems.

Protection From Stuxnet

Follow Siemens Guidelines.

Shut down Internet access to avoid Stuxnet updates.

Disallow the use of foreign USB drives.

Use updated SCADA versions and Microsoft patches.
