worm blog: Web Application Worms: Myth or Reality?

« Traffic Analysis on a Mass Mailing Worm and DNS/SMTP | Main | Detection of Mass Mailing Worm-infected IP address by Analysis of Syslog for DNS server »

Web Application Worms: Myth or Reality?

A paper which explores a once hypothetical scenario, application worms. These aren't entrely the stuff of fiction, as Santy, a worm that used Google to detect vulnerable sites, and Anti-Santy, another worm which used Google to detect its targets, have both been seen in the wild. Were they faster than Code Red or Slammer? Not really, although that's possibly not the fault of the method. They were, however, easy to detect and stop.

This paper discusses the possibility of automated, self-propagating attacks on custom Web application code. It will show that such attacks are not only feasible but that their theoretical success rate is far greater than worms targeting commercial infrastructure (e.g., Slammer, Code Red, Blaster, Nachi, etc.).
It is the intent of this paper to raise awareness of the threat posed by automated attacks on vulnerabilities that exist in every organization's Web infrastructure. Threats of this type that cannot be avoided by counting on current IPS technologies and the law of large numbers.

Source: Web Application Worms: Myth or Reality?, by Amichai Shulman.

June 8, 2005 in new trends, papers | Permalink
Tell others: digg submit | del.icio.us this | Reddit

Comments

This paper annoyed me when I first read it a while back, but I couldn't quite put my finger on why.

When "Santy" appeared, my first thought was "those dorks who wrote the web-application-worm-paper will be pleased with themselves."

I think that a "web application worm" is just another yawn - it's just a matter of time before someone figures out another "injection" exploit just like Santy used, and we see another worm.

Has it occurred to anyone else that "SQL injection" and in Santy's case Perl injection, are semantically identical to buffer overflows?

Posted by: Bruce Ediger | Jun 9, 2005 1:38:13 AM

This paper isn't very recent...
I think it's the first I have red, talking about webworms...
I have made an analysis of the Santy.A worm (in french), can be found on my website ( http://devloop.lyua.org/index.php?p=papers&id=santy )
Don't you think webworms are the worms of the future ?

so sorry, I don't speak english very well :/

Posted by: devloop | Jun 9, 2005 3:12:29 PM

The comments to this entry are closed.