Computer worms: named form science fiction shockwave rider named by John

F Shoch and Jon A Hupp

Self replicating
uses a network to spreadthey basically affect a network
no need of user intervention
they are independent they do not attach themselves to any existing program
In the beginning Soch and Hupp crated these code to find idle systems on the
network automatically and assign them some obs so that their s!y efficiency
could improve" #heir intend were no further"
NOTE: virus: they attach themselves to existing program
they do not target a network they target a stand alone system
worms types spreading :
some of them have the intend of ust sitting on the system and they do not
bother it and passes to another thru this
first ever harmful worm: MORRIS worm referred to as the $%reat
&orm$' significant media attention was given( first ever to spread through
internet" Launched from MIT in 1!!' ust to disguise the fact that it was
originally formed by students at colonel uni"er#i$%& #he person who developed
this happens to be prof" at )I#"
&as created with good intend to gauge the si*e of internet"
Incidentally it turned out to be a havoc causing denial of service attack" It
exploits the vulnerabilities of the s!y in net"
)IS#+,-: this worm does not bother if a copy of it already exits in the
system it ust places its replica and starts running"
If at all it asked the host whether its copy is already existing this would
not have become harmful"
&ritten in .C/"
-00-C#: 1222 s!y 32(322) 4 loss"
M%doom fastest spreading email worm 5an 61 6227" next fastest to sobig
worm"
#he worm contains the text message "andy; I'm just doing my job, nothing
personal, sorry," leading many to believe that the worm8s creator was paid to
create it"
+uthor( still unknown
I9#-9:: :istributed denial of service attack of SC; group
<ack :oor on port and causing it to run as a child process in win=creates
'om(ie#&&
S>S-?-C#: linux or open source ppl
Identified by Craig of )c+fee"
#-CH9;@@;%A: it appears to sender as transmission error
&hen received it has subect names as -rror' mail delivery system in
different lang" when opened it has an attachment" &hen its run it causes this
mail to be sent to all users found in the address book"/
9;#-: this avoided all the "edu targets such as )S' )I# universities etc"
M%doom&) this version targeted )s"server and caused no antivirus updates to
be delivered" *+ Jul%: + variant of )ydoom attacks %oogle' +ltaBista and
@ycos' completely stopping the function of the popular %oogle search engine
for the larger portion of the workday' and creating noticeable slow(downs in
the +ltaBista and @ycos engines for hours"
a#%mme$ric (ac,door is a backdoor Ce"g"' in a cryptosystemD that can only be
used by the attacker even after it is found" #his contrasts with the
traditional backdoor that is symmetric' i"e"' anyone that finds it can use
it"
+ -ue#$iona(le encr%p$ion scheme has the property that real public keys are
computationally indistinguishable from fake public keys when the private key
is not available"
#he So(i. /orm was a computer worm that infected millions of Internet(
connected' )icrosoft &indows computers in +ugust 622E"
B-FSI;9S: So(i.&A0) 01 F& Its actually a mixutre of #roen G backdoor G worm
#he Sobig worm will appear as an electronic mail with one of the following
subects: Fe: +pproved' Fe: :etails' Fe: Fe: )y details' Fe: #hank youH'
Fe:#hat movie Fe: &icked screensaver Fe: Aour application #hank youH Aour
detailsI It will contain the text: $See the attached file for details$ or
$?lease see the attached file for details"$
&hile the term $(o$ne$$ 'om(ie# can be used to refer to any group of bots'
such as IFC bots' the word is generally used to refer to a collection of
compromised computers Ccalled *ombie computersD running programs' usually
referred to as worms' #roan horses' or backdoors' under a common command and
control infrastructure" Several botnets have been found and removed from the
Internet" #he :utch police found a 3"J million node botnet
K3L
and the 9orwegian
IS? #elenor disbanded a 32'222 node botnet"
K6L
@arge coordinated international
efforts to shutdown botnets have also been initiated"
KEL
It has been estimated
that up to 3!7 of all personal computers connected to the internet are part of
a botnet
<otnets are exploited for various purposes: including denial(of(service
attacks' creation or misuse of S)#? mail relays for spam 'click fraud' and the
theft of application serial numbers' login I:s' and financial information such
as credit card numbers"
2SEF2LL /ORMS:
Welchia tries to help the user by downloading and installing security
patches from )icrosoft' so it is a helpful worm"
#hough even as it implies no harm' it can ((increase network traffic' ((reboot
the infected computer' and more importantly=(it operates without consent and
does not log anything" It has had several different variants and childworms"
Specifically' the welchia worm targeted machines running /indow# 34&
indeed' it actually helped to secure certain systems = it did create
vast amounts of traffic by its transmission method' thereby slowing down
the Internet and the )icrosoft website" once the patches had been
installed' it rebooted the system" <ecause of these effects' the worm
was perceived as a threat' and a patch was released by all maor anti(
viral companies"
5I LO6E 27 worm )ay 7' 6222 with the simple subect of $I@;B-A;>$ with
an attachment $@;B-(@-##-F(0;F(A;>"#M#"vbs$" again it attacks the
mailers list and mails it by itself and as an aNuntise as if generated
by people from east&
EFFE8TS J"J billion dollars in damage" <ritish parliament shut their
systems dowm because of this" #he worm overwrote important files' as
well as music' multimedia and more' with a copy of itself mainly
microsoft windows" #he <arok troan used by the worm" It will add a set
of registry keys to the &indows registry that will allow the malware to
start up at every boot"