The spread of the worm in its most basic sense depends most greatly on how it chooses its victims. This not only affects the spread and pace of the worm network, but also its survivability and persistence as cleanup efforts begin. Classically, worms have used random walks of the Internet to find hosts and attack. However, new attack models have emerged that demonstrate increased aggressiveness.
The simplest way for a worm to spread as far as it can is to use random network scanning. In this method, the worm node randomly generates a network to scan, typically a block of 65,000 hosts (a /16 network) or 256 hosts (a /24) in a target network block. This worm node then begins to search for potential victims in that network space and attacks vulnerable hosts. This random walk is the classic spread model for network-based worms.
Read the rest of this entry »
Ramen worm which appeared in late 2000 to early 2001, and characterize this instance. Max Vision has written an excellent dissection of the Ramen worm, including the life cycle, which should also be studied. In mapping these components to a worm found in the wild, we can see how they come together to form a functional worm.
Ramen was a monolithic worm, which is to say that each instance of an infected host has the same files placed on it with the same capabilities. There exists some flexibility by using three different attack possibilities and by compiling the tools on both RedHat Linux versions 6.2 and 7.0, but each set of files (obtained as the tar package “ramen.tgz”) is carried with each instance of the worm.
Read the rest of this entry »
The worm’s attack components are their most visible and prevalent element. This is the means by which worm systems gain entry on remote systems and begin their infection cycle. These methods can include the standard remote exploits, such as buffer overflows, cgi-bin errors, or similar, or they can include Trojan horse methods. An example of the latter would be the use of an infected executable being sent to an e-mail client by a worm as one of its attack vectors.
This component has to be further subdivided into two portions: the platform on which the worm is executing and the platform of the target. This attack element can be a compiled binary or an interpreted script, which utilizes a network component from the attacking host, such as a client socket or a network aware application, to transfer itself to its victim.
Read the rest of this entry »
Until recently, network security was something that the average home user did not have to understand. Hackers were not interested in cruising for hosts on the dial-up modems of most private, home-based users. The biggest concern to the home user was a virus that threatened to wipe out all of their files (which were never backed up, of course).
Now the situation has changed. Broadband technologies have entered the common home, bringing the Internet at faster speeds with 24-hour connectivity. Operating systems and their application suites became network centric, taking advantage of the Internet as it grew in popularity in the late 1990s. And hackers decided to go for the number of machines compromised and not high-profile systems, such as popular Web sites or corporate systems.
Read the rest of this entry »
With the exception of companion viruses, viruses operate by changing files. An integrity checker exploits this behavior to find viruses, by watching for unauthorized changes to files.
Integrity checkers must start with a perfectly clean, 100% virus-free system, it is impossible to understate this. The integrity checker initially computes and stores a checksum for each file in the system it’s watching. Later, a file’s checksum is recomputed and compared against the original, stored checksum. If the checksums are different, then a change to the file occured.
Read the rest of this entry »
A reverse firewall filters outgoing traffic from a network, unlike a normal firewall which filters incoming traffic. In practice, filtering in both directions would probably be handled by the same software or device.
As with firewalls, the key to an effective reverse firewall is its policy: what outbound connections should be permitted? The principle is that a worm’s connections to infect other machines will not conform to the reverse firewall policy, and the worm’s spread is thus blocked. The decision is based on the same packet header information as was used for a firewall, including source and destination IP addresses and ports.
Read the rest of this entry »
Do not ever choose a website hosting without certain facts that it is a quality one, especially if you’re using it for doing your business. Only choose the best web hosting that can run smoothly. Tips on choosing hosting this time hopefully be useful for you who will choose the hosting or hosting has never before bought but turned out disappointing results. Less fitting it would be like to talk about hosting without a domain. Both are like two lovebirds who can not be separated. Hosting as a publisher of data, while their own domain name is the name of the address where your files are placed.
Lets have look below tips before you choose the best one: Read the rest of this entry »