
Grey Goo hits Second Life

This isn't the first time a worm (self-replicating code) has hit a large online game, and it won't be the last. Via various news outlets (like this BBC story, Slashdot, and the official Second Life blog):

[PST 2:44PM] An attack of self-replicators is causing heavy load on the database, which is in turn slowing down in-world activity. We have isolated the grey goo and are currently cleaning up the grid. We’ll keep you updated as status changes.

This apparently took them offline for a few hours. (I don't use Second Life or any of these online communities, so all of my information is second hand.)

[Image: Grey Goo within Second Life, from richardparent.net.]

I have to admit, I like the idea of being able to watch the worm infect a world, sort of like a visible germ cloud or something. Way more interesting than looking at traffic stats when things go awry.

November 20, 2006 in media, new trends, new worms | Permalink | Comments (27)

Hacking the Malware– A reverse-engineer’s analysis

A nice, thorough analysis of a Yahoo! instant messaging worm by Rahul Mohandas, showing how he decoded the exploit, reverse engineered it, and analyzed its effects. A very good example, and something you can learn from.

This paper attempts to document an approach on how the hackers make use of the vulnerabilities to install malicious software on the vulnerable machine. A comprehensive reverse code engineered analysis of the malicious software (Win32.Qucan.a) and the various protection schemes against the worm by various security products are also discussed.

I also describe an approach to setting up a flexible laboratory environment using virtual workstation software such as VMware, and demonstrate the process of reverse engineering a worm using a range of system monitoring tools in conjunction with a disassembler.

I hope this document will help the Malware researchers, Intrusion Analysts and other Security professionals to conduct a more viable and comprehensive research.

Source: Hacking the Malware– A reverse-engineer’s analysis, by Rahul Mohandas. Pointed out by B on IRC. Thanks!

November 8, 2006 in IM worms, malware, papers, tools | Permalink | Comments (7)

A spread model of flash worms

I can't let another week go by and not post a paper on worm modeling. This one looks at a more rigorous model of how a "Flash Worm" would work. Some decent math; it's worth the effort to make sure you understand the equations.

In this work we introduce a mathematical model for epidemics of worms using the hit-list spreading technique. Flash worms to infect the whole vulnerable population. The estimated infection time shows that even a heavy network worm can potentially infect a large-scale vulnerable population within a few seconds. Primarily the work is based on results of the work Top Speed of Flash Worms by S. Staniford et al. We also generalize the infection doubling technique used to increase the resilience of flash worm epidemics. It took the whole day for Code Red I v2 to spread among over 350,000 Internet hosts. The Slammer worm infected more than 90 percent of up to 100,000 vulnerable hosts within 10 minutes (Inside the Slammer Worm by D. Moore et al.), and the Witty worm infected almost all of its 12,000 victims in 45 minutes (The Spread of the Witty Worm by C. Shannon and D. Moore).

Source: A spread model of flash worms, Yury Bulygin.
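To make the "few seconds" claim concrete, here is a small Python model (added here, not from Bulygin's paper or this blog) that contrasts hit-list tree propagation with a random-scanning logistic epidemic of the Code Red/Slammer kind. The tree model is a simplified one of my own, not the paper's equations, and every parameter (fan-out, payload size, per-host bandwidth, latency, scan rate, population) is a constructed assumption; its value for defenders is showing how little reaction time rate-limiting or scan detection would have against a hit-list worm.

```python
import math

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a random-scanning worm has to search


def hit_list_tree_time(n_vuln, fanout, payload_bytes, bandwidth_bps, latency_s):
    """Idealized hit-list (flash worm) propagation; assumed model, not the paper's.

    Every infected host holds a slice of the pre-computed hit-list. It infects
    `fanout` hosts from that slice, sending each the worm payload plus its
    sub-slice (4 bytes per IPv4 address). Slices shrink geometrically until
    each host owns a single address. Returns (seconds, generations).
    """
    t, generations, slice_size = 0.0, 0, float(n_vuln)
    while slice_size > 1:
        child_slice = slice_size / fanout
        bytes_sent = fanout * (payload_bytes + 4 * child_slice)
        # one generation = one round-trip latency plus serialization time
        t += latency_s + 8 * bytes_sent / bandwidth_bps
        slice_size = child_slice
        generations += 1
    return t, generations


def random_scan_time_to_fraction(n_vuln, scans_per_sec, fraction):
    """Logistic random-scanning epidemic (Code Red / Slammer style).

    beta is the rate at which one infected host hits another vulnerable
    address; the closed-form logistic curve gives the time from a single
    infected host to `fraction` of the population.
    """
    beta = scans_per_sec * n_vuln / ADDRESS_SPACE
    return math.log((n_vuln - 1) * fraction / (1 - fraction)) / beta


if __name__ == "__main__":
    # Constructed parameters: 1M vulnerable hosts, fan-out 10, 400-byte payload,
    # 100 Mbit/s per host, 100 ms latency per generation.
    secs, gens = hit_list_tree_time(1_000_000, 10, 400, 100e6, 0.1)
    print(f"hit-list worm: {gens} generations, {secs:.2f} s to cover the list")
    # Constructed parameters near the Slammer figures the abstract cites:
    # 75k vulnerable hosts, 4000 scans/s per infected host, 90% coverage.
    print(f"random scan: {random_scan_time_to_fraction(75_000, 4000, 0.9):.0f} s to 90%")
```

With these assumptions the hit-list worm covers a million hosts in under a second while the random scanner needs a few minutes for 90% of a far smaller population, which is the gap the abstract is describing.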

November 7, 2006 in modeling, papers | Permalink | Comments (6)

And you thought you were safe after SLAMMER, not so, Swarms not Zombies present the greatest risk to our national internet infrastructure

I had a great time at WORM06 in Fairfax last week, and in my scramble to get work done in preparation for a day out of the office Wormblog updates slipped.

This paper comes from a conference on swarm intelligence and security. This is another one of those "worst worm" design papers, but it uses a novel approach: swarm intelligence.

The problem of attacks where sophisticated communities, such as BLACKHAT users, compromised larger and larger numbers of unsuspecting (and unsuspected) home personal computers in an effort to launch major attacks on both Government and corporate networks will be addressed in this manuscript. We called these attacks "Swarm Attacks", like a "swarm of bees". The Slammer, which is currently the fastest computer worm in recorded history, is an early precursor to this class of threat. Most countermeasure strategies proposed to deal with such attacks are based primarily on rate detection and limiting algorithms, or the detection of a sudden increased occurrence of "Destination Unreachable" messages in a network. However, we speculate that such strategies will prove ineffective in the future.

In this manuscript we will introduce the basic principles behind the idea of such "Swarm Worms", the nature of the intelligent behavior that emerges, as well as the basic structure required in order to be considered a "swarm worm", based on our definition. In addition, we will present preliminary results on the propagation speeds of one such swarm worm, called the ZachiK worm. We will show that ZachiK is capable of propagating at a rate 2 orders of magnitude faster than similar worms without swarm capabilities while remaining stealthy.

Source: And you thought you were safe after SLAMMER, not so, Swarms not Zombies present the greatest risk to our national internet infrastructure, Fernando C. Colon Osorio and Zachi Kloppman.

November 6, 2006 in new trends, papers | Permalink | Comments (3)