VX Heaven


Library: Computer worms and botnets

«Some ideaz about future worm» 3.87Kb 5715 hits
29a [6] (2002)
One day, when I was thinking about my future projectz I suddenly remembered some idea I heard somewhere, some yearz ago... I advanced it and even when I haven't finished the worm using these ideaz (anyway, I have the main part already finished), I want to share them with you... the real reason why I don't have any worm is becoz the spreading mechanism dependz on some buffer-overflow bug of new versionz of IIS and/or Outlook that will allow to execute arbitrary code on a remote machine. And becoz there's no such bug found, I have to wait for that (then I will finish it)...:-P
Mark Bowden
«Worm: The First Digital World War» 404.25Kb 16083 hits
Atlantic Monthly Press (2011)
Mark Bowden’s Worm: The Story of the First Digital World War is about the next frontier in terrorism. Bowden, the best-selling author of Black Hawk Down, has delivered a dramatic cybercrime story that explores the Conficker computer worm, a potentially devastating computer virus that has baffled experts and infected as many as twelve million computers to date. When the Conficker computer worm was unleashed on the world in November 2008, cybersecurity experts did not know what to make of it. The worm, exploiting the security flaws in Microsoft Windows, grew at an astonishingly rapid rate, infecting millions of computers around the world within weeks. Once the worm infiltrated one system it was able to link that system with others to form a single network under illicit outside control—a situation known as a “botnet.” This botnet was soon capable of overpowering any of the vital computer networks that today control banking, telephone service, energy flow, air traffic, health-care information—even the Internet itself. Was it a platform for criminal profit, or a weapon? Security experts do not know for sure what Conficker’s purpose is, or even where it came from. Bowden’s book reports this new frontier on terror in a way that has never been done. He skillfully explores the dazzling battle of wits between expert programmers over the future of the Internet—a battle that has pitted those determined to exploit the Internet against those committed to protect it, and awakened the U.S. government for the first time to the urgent nature of the threat. In Worm: The Story of the First Digital World War, Mark Bowden delivers an accessible and fascinating look at the ongoing and largely unreported war taking place literally beneath our fingertips.
Mark Eichin, Jon Rochlis
«With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988» 139.28Kb 10466 hits
Massachusetts Institute of Technology (1989)
In early November 1988 the Internet, a collection of networks consisting of 60,000 host computers implementing the TCP/IP protocol suite, was attacked by a virus, a program which broke into computers on the network and which spread from one machine to another. This paper is a detailed analysis of the virus program itself, as well as the reactions of the besieged Internet community. We discuss the structure of the actual program, as well as the strategies the virus used to reproduce itself. We present the chronology of events as seen by our team at MIT, one of a handful of groups around the country working to take apart the virus, in an attempt to discover its secrets and to learn the network’s vulnerabilities. We describe the lessons that this incident has taught the Internet community and topics for future consideration and resolution. A detailed routine-by-routine description of the virus program, including the contents of its built-in dictionary, is provided.
Eric Filiol, Edouard Franc, Alessandro Gubbioli, Benoit Moquet, Guillaume Roblot
«Combinatorial Optimisation of Worm Propagation on an Unknown Network» [TeX] [SRC] 35.83Kb 21117 hits
N. Goranin, A. Cenys
«Genetic algorithm based Internet worm propagation strategy modeling under pressure of countermeasures» [TeX] 30.9Kb 13071 hits
Journal of Engineering Science and Technology Review 2 (1) (2009) pp.43-47 (2009)
Internet worms remain one of the major threats to the Internet infrastructure. Modeling allows forecasting the malware propagation consequences and evolution trends, planning countermeasures and many other tasks that cannot be investigated without harm to production systems in the wild. Existing malware propagation models mainly concentrate on modeling the consequences of malware epidemics, i.e. forecasting the number of infected computers, simulating malware behavior or economic propagation aspects, and are based only on current malware propagation strategies. Significant research has been done worldwide during the last years to fight Internet worms. In this article we propose an extension to our genetic algorithm based model, which aims at modeling Internet worm propagation strategies under pressure of countermeasures. The genetic algorithm is selected as a modeling tool taking into consideration the efficiency of this method when solving optimization and modeling problems with a large solution space. The main application of the proposed model is countermeasures planning in advance and computer network design optimization.
Viktor Grichenko
«Modular worms» 22.98Kb 13923 hits (2001)
The CodeRed and Nimda Internet worms clearly demonstrated today's Internet vulnerability. Technologies currently used by worm writers allow a serious paradigm shift: modular, reusable and upgradeable worm design. Wide acceptance of these principles will dramatically increase malware penetration ability and staying power. A clear understanding of these possibilities will help to make adequate decisions on software design.
Darrell Kienzle, Matthew Elder
«Recent Worms: A Survey and Trends» 54.56Kb 13736 hits
Proceedings of the 2003 ACM workshop on Rapid malcode Washington, DC, USA, pp.1-10 (2003)
In this paper, we present a broad overview of recent worm activity. Virus information repositories, such as the Network Associates' Virus Information Library, contain over 4500 different entries (through the first quarter of 2003). While many of these entries are interesting, a great number of them are now simply historical and a large percentage of them are completely derivative in nature. However, these virus information repositories are the best source of material on the breadth of malicious code, including worms. This paper is meant to provide worm researchers with a high-level roadmap to the vast body of virus and worm information. After sifting through hundreds of entries, we present only those that we considered breakthrough or novel, primarily from a technical perspective. As a result, we found ourselves omitting some of the most notorious worms simply because they lacked any original aspects. It is our hope that others in the community who need to get up to speed in the worm literature can benefit from this survey. While this study does not contain any original research, it provides an overview of worms using a truly breadth-first approach, which has been lacking in the existing worm literature. From this raw data, we have also extracted a number of broad quantitative and qualitative trends that we have found to be interesting. We believe that a workshop discussion of these, and other thoughts, will be engaging and informative.
Carey Nachenberg
«Computer Parasitology» 96.5Kb 11691 hits
Proceedings of the Ninth International Virus Bulletin Conference, September/October 1999, pp. 1–25 (1999)
Computer viruses have progressed from urban myth to annoyance to major threat; yet, even with all the damage that computer viruses have done, they pale in comparison to what we have seen and have yet to see from the computer worm.
Jose Nazario
«Defense and Detection Strategies against Internet Worms» 630.04Kb 36973 hits
Artech House (2004)
This is the first book focused exclusively on Internet worms, offering you solid worm detection and mitigation strategies for your work in the field. This ground-breaking volume enables you to put rising worm trends into perspective with practical information in detection and defense techniques utilizing data from live networks, real IP addresses, and commercial tools. The book helps you understand the classifications and groupings of worms, and offers a deeper understanding of how they threaten network and system security. After examining how a worm is constructed and how its major life cycle steps are implemented, the book scrutinizes targets that worms have attacked over the years, and the likely targets of the immediate future. Moreover, this unique reference explains how to detect worms using a variety of mechanisms, and evaluates the strengths and weaknesses of three approaches—traffic analysis, honeypots and dark network monitors, and signature analysis. The book concludes with a discussion of four effective defenses against network worms, including host-based defenses, network firewalls and filters, application layer proxies, and a direct attack on the worm network itself.
One Semicolon
«Techniques a worm might use to be harder to locate» [SRC] 37.64Kb 10833 hits
This paper will discuss different things a worm might do in the future. Snippets of code are included. These snippets are written in Perl. Even if you do not program in Perl, this paper might be interesting just for the ideas that it has.
«The theory of building large p2p botnets» [SRC] 8.93Kb 7218 hits
Inception #1 (EN) (2013)
A p2p botnet sounds truly grandiose. Many people think that only pros are capable of creating such a botnet. The truth is, the most important thing you need is to understand the theory of p2p, which is unbelievably simple. The main objective is to connect IP bots and pass commands from bot to bot.
«Combining a mailworm with GPG» 4.07Kb 21659 hits
Valhalla #4 (2013)
This summer, the whistleblower Edward Snowden leaked secret documents, showing that we are all spied on, by the NSA. Due to these leaks, we saw a massive growth in users of encryption software, like GnuPG (GPG) and others. I started thinking about different types of crypto and their problems (and in this case new toys for VXers).
«EPOC Virus Tutorial» 5.67Kb 9561 hits
Ready Rangers Liberation Front [6] (2005)
If you haven't heard of EPOC before, then I'll give you the background for it first. The EPOC OS was developed by a company called 'Symbian' and was used on Psion's handheld devices; these days Symbian have now started developing their operating system for smartphones, for example the Nokia 3650. OPL is a language used on EPOC for programming, and I see it as the same as the Basic language on PCs. These days, programming for Symbian's new system requires you to know C++, like Cabir was coded in.
Joyce Reynolds
«RFC1135: The Helminthiasis of the Internet» 67.12Kb 11134 hits (1989)
This memo takes a look back at the helminthiasis (infestation with, or disease caused by parasitic worms) of the Internet that was unleashed the evening of 2 November 1988. This RFC provides information about an event that occurred in the life of the Internet. This memo does not specify any standard. Distribution of this memo is unlimited.
Donn Seeley
«A Tour of the Worm» 68.37Kb 15249 hits
Proceedings of the Winter 1989 Usenix Conference, San Diego, CA, p. 287. (1989)
On the evening of November 2, 1988, a self-replicating program was released upon the Internet (1). This program (a worm) invaded VAX and Sun-3 computers running versions of Berkeley UNIX, and used their resources to attack still more computers (2). Within the space of hours this program had spread across the U.S., infecting hundreds or thousands of computers and making many of them unusable due to the burden of its activity. This paper provides a chronology for the outbreak and presents a detailed description of the internals of the worm, based on a C version produced by decompiling.
John Shoch, Jon Hupp
«The "Worm" Programs - Early Experience with a Distributed Computation» 40.01Kb 35284 hits
Communications of the ACM, March 1982 Volume 25 Number 3, pp.172-180 (1982)
The "worm" programs were an experiment in the development of distributed computations: programs that span machine boundaries and also replicate themselves in idle machines. A "worm" is composed of multiple "segments," each running on a different machine. The underlying worm maintenance mechanisms are responsible for maintaining the worm: finding free machines when needed and replicating the program for each additional segment. These techniques were successfully used to support several real applications, ranging from a simple multimachine test program to a more sophisticated real-time animation system harnessing multiple machines.
«Linux Worms - some ideas» 10.13Kb 11980 hits
Matrix Zine [3] (2001)
In these days Ramen shocked the Red Hat users, because they suddenly realized that worms can also spread with Unix/Linux, a fact everyone seems to have forgotten since the Morris worm rocked through the ARPANET in 1988. And while I am writing this, another worm called li0n goes through the world; all newer worms are just lame versions of what will come. These worms are all in all a collection of badly written shell scripts and some C ELF binaries; to my mind there is much more possible than this. Nowadays, every Linux/Unix user tells a virus writer that viruses and worms are just a problem with Windows, because the Unix system has stronger permissions for files and similar things. I want to discuss here some ideas how a worm could spread in a Linux environment. Some of them have already been implemented, some not.
Eugene Spafford
«The Internet Worm: Crisis and Aftermath» 46.41Kb 16002 hits
Communications of the ACM 32, 6 pp.678-687 (1989)
The Internet computer network was attacked on Nov 2, 1988, by a computer worm. Although the program affected only Sun Microsystems Sun-3 workstations and VAX computers running a variant of version 4 of the Berkeley Unix, the program spread over a huge section of the network. Early the following day a number of methods for containing and eradicating the virus had been discovered and published. It was discovered that the worm exploited flaws in the Unix operating system's security routines and used some of Unix's own utilities to propagate itself. A complete description of the workings of the worm and its methods of entry into Unix systems are discussed. The aftermath of the infection and the motives of Robert T. Morris, its author, are also discussed.
«Wikipedia: Using free knowledge for bad stuff» [SRC] 11.25Kb 9084 hits
Ready Rangers Liberation Front [7] (2005)
Many people know about the Interactive Disassembler. It is a great tool for disassembling many different file formats for many different CPUs. It even has a debugger now, so it can be used for all kinds of reverse-engineering, unpacking, decrypting, etc. In case that was not enough functionality, it also supports a language called IDC. In the words of Ilfak, IDC language is a C-like language. It has the same lexical tokens as C does: character set, constants, identifiers, keywords, etc. A program in IDC consists of function declarations.
«Writing irc worms for xchat2» [SRC] 4.92Kb 11776 hits
Nicholas Weaver, Vern Paxson
«A Worst-Case Worm» [TeX] 46.24Kb 11136 hits
Worms represent a substantial economic threat to the U.S. computing infrastructure. An important question is how much damage might be caused, as this figure can serve as a guide to evaluating how much to spend on defenses. We construct a parameterized worst-case analysis based on a simple damage model, combined with our understanding of what an attack could accomplish. Although our estimates are at best approximations, we speculate that a plausible worst-case worm could cause $50 billion or more in direct economic damage by attacking widely-used services in Microsoft Windows and carrying a highly destructive payload.
Nicholas Weaver, Vern Paxson, Stuart Staniford, Robert Cunningham
«A Taxonomy of Computer Worms» 45.5Kb 13514 hits
Proceedings of the 2003 ACM Workshop on Rapid Malcode (WORM), 2003. pp.11-18 (2003)
To understand the threat posed by computer worms, it is necessary to understand the classes of worms, the attackers who may employ them, and the potential payloads. This paper describes a preliminary taxonomy based on worm target discovery and selection strategies, worm carrier mechanisms, worm activation, possible payloads, and plausible attackers who would employ a worm.
Brandon Wiley
«Curious Yellow: The First Coordinated Worm Design» 22.03Kb 12071 hits
The Warhol worm design began the theoretical discussion of so-called "superworms", a new type of computer worm. A worm is a computer program which copies itself from computer to computer in an attempt to reproduce as much as possible. A superworm uses more advanced techniques to achieve very quick infection of the network. The primary strategy behind the Warhol superworm is to pre-scan the network for vulnerable targets. When the worm is launched it already has a large list of targets with a known method for infection and can therefore quickly infect an initial seed population. One thing which the Warhol paper mentions is that better results might be achieved via a coordinated worm in which various instances of the worm on different computers communicate with each other in order to optimize infection. The Warhol paper states, however, that no coordinated worm has ever been created. This paper proposes the first design for a worm which utilizes efficient communication between worm instances for an optimal infection strategy.
23 authors, 23 titles