HISTORY, MITIGATION, AND PROPAGATION OF COMPUTER WORMS

By: Sharad Sharma, Somya Verma, and Taranjit Pabla



What are worms?

- Exploits security or policy flaws in widely used services.
  - Vendor programs
  - Operating systems
- Infects environment.


Worms vs. Viruses

- Worms are a subset of viruses.
- Differ in method of attachment
  - Viruses attach to files for propagation.
  - Worms propagate without attachment.
- Viruses require user error.
- Worms use known exploits to propagate.


History of Computer Worms

- Christmas Tree Exec Worm
  - Rendered international computer networks unusable.
  - 1987
- Morris Worm
  - Created by Robert T. Morris
  - 1988
  - Fined $10,000 and sentenced to 3 years probation


History of Computer Worms (continued)

- Melissa
  - 1999
  - Created by David L. Smith
- I Love You
  - 2000
  - Same mechanism as the Christmas Tree Exec Worm
- Slapper Worm
  - 2002
  - Exploited a problem in OpenSSL to run remote shells on other computers using certain versions of Apache


History of Computer Worms (continued)

Other notable worms

- 1260 polymorphic worm
  - 1990
  - First member of the chameleon family
- Bubbleboy
  - 1999
- Worm.ExploreZip
  - 1999


Worm Propagation

- Port scans over the network and Internet
- Look for open TCP ports to use as an attack vector.
- Use compromised machine to probe others or produce mass mailings.


Worm Propagation (continued)

- Some worms know how to look for vulnerabilities on systems with certain programs and configurations.


Mitigation and Defense.

- Use a firewall
  - Software or hardware
- Anti-virus and anti-spyware programs
- Monitor number of scans on the network
- Never open an attachment found in an unsolicited e-mail.
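An added example (not part of the original slides) of the "Monitor number of scans on the network" point: it counts, per source, the distinct targets of failed connections inside a sliding time window, since a scanning worm probes many hosts that do not answer. The record format, addresses, window and threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

# Constructed sample records: (epoch_seconds, src_ip, dst_ip, dst_port, outcome).
# outcome is "ok" for a completed handshake, "fail" for a reset or timeout.
SAMPLE = (
    # One host sweeping a subnet on a single port, one probe per second.
    [(1000 + i, "10.0.0.23", f"10.0.0.{i + 1}", 445, "fail") for i in range(12)]
    # An ordinary client: many successful connections, two retries to one host.
    + [(1000 + 5 * i, "10.0.0.7", "10.0.0.2", 443, "ok") for i in range(10)]
    + [(1003, "10.0.0.7", "10.0.0.9", 22, "fail"),
       (1020, "10.0.0.7", "10.0.0.9", 22, "fail")]
    # A slow source: one failure every two minutes, below the window rate.
    + [(1000 + 120 * i, "10.0.0.40", f"10.0.1.{i + 1}", 80, "fail") for i in range(8)]
)


def find_scanners(records, window=60, max_targets=5):
    """Return {src_ip: peak_count} for every source whose failed connections
    reached more than `max_targets` distinct (dst_ip, dst_port) pairs within
    any `window`-second span."""
    recent = defaultdict(deque)  # src -> (timestamp, target) failures still in window
    flagged = {}
    for ts, src, dst, port, outcome in sorted(records):
        if outcome != "fail":
            continue  # successful connections are normal traffic
        failures = recent[src]
        failures.append((ts, (dst, port)))
        # Drop failures that have aged out of the window.
        while failures and ts - failures[0][0] > window:
            failures.popleft()
        # Repeated retries to one target count once.
        distinct = len({target for _, target in failures})
        if distinct > max_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE).items():
        print(f"{src}: {count} distinct failed targets within 60 s")
```

A longer window also catches the slow source, at the cost of more state per host and more false positives from clients that fail often for ordinary reasons.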


Mitigation and Defense (continued).

- Access Control List
  - Monitor and restrict access to network.
- Packet Filtering
  - Firewall technique; monitors packets for compliance with user-defined rules.
- Null routing
  - Filters packets and ignores any packets matching certain criteria, acting as a limited firewall.
  - Useful in DDoS attacks.


Mitigation and Defense (continued).

- TCP Wrappers
  - Method of Access Control List security
  - Provides many layers of validity tests.
- Constant vigilance
- Education
- Be proactive.


Modern Worms - Stuxnet

- Truly identified in July 2010
- Target-oriented and supposedly aimed at the Iranian nuclear reactor in Bushehr and the enrichment facility at Natanz.
- Aimed specifically at industrial setups, mainly drives which operate over 600 Hz.
- Real form of cyber warfare


Modern Worms – Stuxnet (Continued)

- Uses more than a single language.
- Capable of updating itself and P2P communication.
- Encrypted using FIPS 140-2 standards.
- Digital signatures used to slow down detection.
- Used all 4 zero-day vulnerabilities of Windows.
- First known rootkit for SCADA systems.


Protection From Stuxnet

- Follow Siemens guidelines.
- Shut down Internet access to avoid Stuxnet updates.
- Disallow the use of foreign USB drives.
- Use updated SCADA versions and Microsoft patches.