11.1 viruses and internet worms

Question 1

Virus

Answer 1

infection of an existing program that results in modification of behavior

Question 2

Worm

Answer 2

code that propogates and replicates across the network

Question 3

Viruses do not require user activity to spread

Answer 3

false, they do dumbass

Question 4

Worms propagate automatically

Answer 4

true dawg

Question 5

Different types of viruses

Answer 5

Parasitic: infects executable files
Memory-resident: infect running programs
Boot sector: spreads when system is booted
Polymorphic: encrypt part of virus program using randomly generated key

Question 6

Worm lifecycle

Answer 6

1. Discover/scan for vulnerable hosts

2. Infect vulnerable machines via remote exploit

Question 7

what was the first worm

Answer 7

morris worm

Question 8

morris worm

Answer 8

no malicious payload, but slowed down machines it was on by spawning processes
Looked to crack passwords
Spread by: remote shell execution, buffer overflow/remote exploit

Question 9

Worm design general approach

Answer 9

1. Scan: find vulnerable hosts
2. Spread
3. Remain undiscoverable

Question 10

First modern worm

Answer 10

Code Red1

Question 11

Code red1

Answer 11

2001
exploited microsoft buffer overflow
randomly spread over a 20 day period each month

Question 12

code red 1 vs code red 2

Answer 12

same vulnerability, different payload

Question 13

zero day attack

Answer 13

when a worm first appears in the wild

Question 14

worm infection rates

Answer 14

can be exponential

Question 15

Increasing intial compromise rate

Answer 15

1. Create a hit list: list of vulnerable hosts

2. Permutation scanning: shared permutation of IP address lists.

Question 16

Slammer worm

Answer 16

2003
buffer overflow in microsoft sql server
entire code fit into one UDP packet
caused 1.2 billion dollars in damage