Stop the Spread of Worms November 21, 2013

Posted by Jiaqi Wu in Security.

In the computing world, malicious software is prevalent. This is only the case because there are people who prey upon weaknesses in a vast system. Unfortunately, as technological complexity increases, vulnerability also increases. It is up to system implementers to reduce possible vulnerabilities in order to maintain the security of a system.

A worm is a self-executing, self-propagating piece of malicious software. It differs from a virus in that it does not need a host program to be activated. Like all malicious attacks, it is designed to take advantage of vulnerabilities in a system. There are, however, numerous ways to reduce vulnerabilities. Unfortunately, many engineers and developers are aware of these techniques but often fail to use them. The article “The Internet Worm Program: An Analysis” [1] describes several vulnerabilities.

Insecure C library routines:

The C standard library has numerous exploitable routines. Many of the array-copying routines, for example, are inherently dangerous because they do not perform bounds checking; strcat and strcpy are examples. When these routines are used, a malicious program can copy binary data from one array into another array that is too small. This overflows the buffer on the stack, which can result in malicious code being executed. The alternative is to use the length-bounded versions of these routines, strncat and strncpy.
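The following is an added example, not code from the original post or from the article it cites. It shows how the bounded routines have to be called to actually close the hole: strncpy leaves the destination unterminated when the source fills it, and the length argument of strncat is the number of characters to append, not the size of the destination. The helper names copy_bounded and append_bounded and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst (capacity dst_size bytes,
 * terminator included). Returns 0 on success, -1 if src was truncated.
 * strncpy writes no terminator when src fills the buffer, so the last
 * byte is always set explicitly. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) >= dst_size ? -1 : 0;
}

/* Hypothetical helper: append src to the string already held in dst.
 * The free space is computed first, because strncat's third argument
 * limits the characters appended, not the total size of dst. */
int append_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)                      /* dst is not a terminated string */
        return -1;
    size_t room = dst_size - (size_t)(end - dst) - 1;
    strncat(dst, src, room);              /* strncat always terminates */
    return strlen(src) > room ? -1 : 0;
}

int main(void)
{
    char name[8];
    const char *input = "constructed-long-input";   /* constructed sample */

    /* strcpy(name, input) would write past name[7] here. */
    int rc = copy_bounded(name, sizeof name, input);
    printf("copy:   rc=%d name=\"%s\"\n", rc, name);

    copy_bounded(name, sizeof name, "ab");
    rc = append_bounded(name, sizeof name, "cdefghij");
    printf("append: rc=%d name=\"%s\"\n", rc, name);
    return 0;
}
```

A return value of -1 signals truncation, which the caller should treat as an error rather than silently continuing with a shortened string.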

Common User ID for Services

On some servers, a common user ID owns all the services. As a result, exploiting one service gives access to all services on the system. UNIX-based systems can run each service under its own user, so that a service only has access to itself and its own resources.

Password Storage

The system in the article stored encrypted passwords in a publicly readable file. A worm was able to obtain a password by encrypting password guesses and comparing the results with the entries in that file. The mistake here is making this file publicly readable. Once the password list is loaded into the program, it can execute brute-force attacks very quickly. Shadow password files are the solution to this. These files are only readable by system administrators and enforce a time delay between subsequent reads. This makes brute-force attacks impractical because of the amount of time they would take to complete.

There are numerous ways to protect against worms, and every effort counts. Malicious software always takes advantage of the minute details that engineers miss. In every complex system, most of the vulnerabilities are covered, but a few always slip through the cracks. This is why it is important to ensure that the software at the platform level is secure. Software is only as secure as its weakest link.


[1] Eugene H. Spafford. 1989. The internet worm program: an analysis. SIGCOMM Comput. Commun. Rev. 19, 1 (January 1989), 17-57. DOI=10.1145/66093.66095 http://doi.acm.org/10.1145/66093.66095
