worm blog: Anatomy of the web application worm

« Teenager admits to unleashing internet worm | Main | Polygraph: Automatically Generating Signatures for Polymorphic Worms »

Anatomy of the web application worm

Another paper which looks at the hypothetical future of more intelligent worms, ones which actively try and find holes and develop working attacks.

Today's internet worm as mentioned above relies on particular system daemons to be exploited with either known, or unpublished exploits. Usually a worm will attack a service such as ftp, your mail daemon, or your webserver (see Code Red and Nimda). Of course one way of stopping a worm from spreading is patching your application so infection is not possible. Once your application is patched from the hole in question, you are considered safe. What if a worm had been created to not only infect applications, but find new holes in them as well. This would mean that the worm would not depend on a machine running a specific application, and therefore the worm would be harder to stop. Some people decide not to check for product updates for months for some or all of their applications in use. This can lead to spreading of the worm for longer periods of time. If a machine was infected by custom applications written by either staff at the company, or their consultants ,then it may take some time for a patch to be written and the spread of the worm to stop. On top of this what if the same machine had two applications infected at the same time?

Source: Anatomy of the web application worm, by admin(at)cgisecurity.com.

July 6, 2005 in new trends, papers | Permalink
Tell others: digg submit | del.icio.us this | Reddit