Worms are a particularly dangerous type of hostile code. They replicate themselves by independently exploiting vulnerabilities in networks. Worms almost always slow down networks.
Hackers and attackers use five basic phases of attack, regardless of whether a worm or virus is employed:
1. Probe - The goal is to find computers that can be subverted. Internet Control Message Protocol (ICMP) ping scans are used to map networks. Then the application scans and identifies operating systems and vulnerable software. Hackers can obtain passwords using social engineering, dictionary attack, brute-force attack, or network sniffing.
2. Penetrate - Attackers create code which is transferred to the vulnerable target. The goal is to get the target to execute the exploit code through an attack vector, such as a buffer overflow, ActiveX or Common Gateway Interface (CGI) vulnerabilities, or an email virus.
3. Persist - After the attack is successfully launched in memory, the code tries to persist on the target system. The goal is to ensure that the attacker code is running and available to the attacker even if the system reboots. This is achieved by modifying system files, making registry changes, and installing new code.
4. Propagate - The attacker attempts to extend the attack to other targets by looking for vulnerable neighboring machines. Propagation vectors include emailing copies of the attack to other systems, uploading files to other systems using file shares or FTP services, active web connections, and file transfers through Internet Relay Chat (IRC).
5. Paralyze - Actual damage is done to the system. Files can be erased, systems can crash, information can be stolen, and distributed DoS (DDoS) attacks can be launched.
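A defender's view of the Probe and Propagate phases, as an added example that is not part of the original post: it flags ICMP ping sweeps in flow records and links a sweeping host to a victim that later starts sweeping on its own. The flow tuple format, thresholds and addresses are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed flow records: (time in seconds, source, destination, protocol).
FLOWS = (
    # 10.0.0.5 pings four neighbours in four seconds (Probe).
    [(t, "10.0.0.5", f"10.0.0.{10 + t}", "icmp-echo") for t in range(4)]
    # It then connects to one of them (Penetrate).
    + [(5, "10.0.0.5", "10.0.0.12", "tcp")]
    # A minute later that neighbour starts its own sweep (Propagate).
    + [(60 + t, "10.0.0.12", f"10.0.0.{20 + t}", "icmp-echo") for t in range(4)]
    # Benign monitor: one target every 30 s, must not be flagged.
    + [(30 * t, "10.0.0.2", "10.0.0.10", "icmp-echo") for t in range(4)]
)

def find_sweepers(flows, min_targets=4, window=10):
    """Map each source that pinged >= min_targets distinct hosts
    within `window` seconds to the time its sweep began."""
    by_src = defaultdict(list)
    for ts, src, dst, proto in sorted(flows):
        if proto == "icmp-echo":
            by_src[src].append((ts, dst))
    sweepers = {}
    for src, events in by_src.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                sweepers[src] = events[start][0]
                break
    return sweepers

def propagation_edges(flows, **thresholds):
    """Return (earlier_sweeper, later_sweeper) pairs where the first host
    contacted the second before the second began sweeping: worm-like spread."""
    sweepers = find_sweepers(flows, **thresholds)
    edges = set()
    for ts, src, dst, _proto in flows:
        if src in sweepers and dst in sweepers and sweepers[src] <= ts < sweepers[dst]:
            edges.add((src, dst))
    return sorted(edges)

if __name__ == "__main__":
    print("sweepers:", find_sweepers(FLOWS))
    print("propagation:", propagation_edges(FLOWS))
```

A propagation edge is the signal worth alerting on: a single sweep can be an administrator's scan, but a probed host that begins probing is the replication behaviour that distinguishes a worm.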
These phases have been in use for 20 years. Major infections in computer networks:
1. Morris Worm infection - 1998.
2. Love Bug - 2000.
3. Code Red - 2001.
4. Slammer - 2003.
5. MyDoom - 2004.
6. Zotob - 2005.
7. MS RPC - 2007.