The introduction of a worm at multiple points in the network overcomes several limitations of the single-point introduction method described. First, it has a higher chance of gaining a strong foothold within the network earlier than when compared to a single node starting out. This is due to the presence of multiple, redundant nodes. These can compensate for failure at any one node.
Second, this affords an added element of speed, which can be quite significant if the introduction is over a wide number of hosts. By quickly ramping up the number of worm nodes, the worm network can be several generations ahead of a single-point worm introduction. Obviously, a nontrivial number of nodes are required to make this impact noticeable.
Read the rest of this entry »
Island hopping named because it treats network blocks as islands on which it focuses attention before hopping away to a new, random destination. First discussed as a theoretical spread model after the release of Code Red 1, this spread pattern has proven to be highly effective in the long term.
The amount of attention spent on each network block can vary depending on the worm implementation. Typically, these boundaries fall on classfull network boundaries, such as /24, /16, /8, and, of course, /0. While this does not match many of today’s classless networks (which are subnetted on nonoctet boundaries), it does work well for the average case.
Read the rest of this entry »
As it begins its work, the worm has to identify hosts it can use to spread. To do this, the worm has to look for an identifying attribute in the host. Just as an attacker would scan the network looking for vulnerable hosts, the worm will seek out vulnerabilities it can leverage during its spread.
Reconnaissance steps can include active port scans and service sweeps of networks, each of which will tell it what hosts are listening on particular ports. These ports are tied to services, such as Web servers or administration services, and sometimes the combination can tell an attacker the type of system they are examining.
Read the rest of this entry »
The reason why the title is worms analysis and symptoms is because worms could be classified like disease with lots of symptoms. So lets have a look at worms analysis in order to prevent infection inside computer.
Prior information security analysis techniques are not effective in evaluating worms. The main issues faced in worm evaluation include the scale and propagation of the infections. These facets typically receive little attention in traditional information security plans and responses.
Read the rest of this entry »
It all began innocently enough. An electronic-mail virus, Melissa, was the big morning news in your inbox, if you were getting mail at all. The common question on everyone’s mind was: What the heck is going on? A few hours later, we all knew and were taking steps to stop the spread.
Melissa spread with the rising sun, first hitting the Asia-Pacific region, which includes Hong Kong, Singapore, and Australia, and then hitting Europe. By the time it hit North America, where I live, we knew a lot about it. We worked feverishly to stop it, some sites having more success than others.
Read the rest of this entry »
We all know that many viruses or worms or spam continuing and repeatedly booming the internet network. For us who already know their existing, installing anti virus or anti spam system is the primary solutions.
Although how powerful your anti virus system is, but if you do something such as letting those spam in, it means your data is in high risks. So how to solve the problems? lets find out below.
Read the rest of this entry »
Malware can be roughly broken down into types according to the malware’s method of operation. Anti-”virus” software, despite its name, is able to detect all of these types of malware.
There are three characteristics associated with these malware types.
1 Self-replicating malware actively attempts to propagate by creating new copies, or instances, of itself. Malware may also be propagated passively, by a user copying it accidentally, for example, but this isn’t self-replication.
Read the rest of this entry »