SMB Shares and Worms - A Parasitic Relationship?

This is another SANS practical report available on their website. These reports are useful because you get to see how people learned to collect and analyze malware.

This document will examine the business and technical ramifications of a variant of the Deborm worm. This incident actually happened in a real business environment and more or less had the business repercussions detailed. The fact that this was not a very powerful worm is a lesson to all that the Internet is, as Tom Cruise said in Top Gun, a "target rich environment". No matter how simple the exploit, there are billions of targets out there to choose from. This paper will help the reader understand the worm lifecycle and how to defend against the various strategies they use to move around networks and invade host machines. The worm studied is simple, but the lessons learned can be applied to the more complex worms that are appearing today.

Source: SMB Shares and Worms - A Parasitic Relationship? An analysis of the W32/Deborm.worm.q, by Ken Ramsay.

July 23, 2005 in detection, papers, tools
