jump to navigation

The Internet Worm: Don’t Get Hooked December 17, 2013

Posted by 8237mcraew in Security.

On the evening of 2 November 1988, the world witnesses the birth of the Internet Worm.  Designed to exploit BSD-derived UNIX systems, this worm eventually spread to thousands of machines, and disrupted normal activities and Internet connectivity for many days [1].  Within days, steps were taken eradicate this threat, but the damage was done.  The Internet, and those machines connected to it, was vulnerable and now everyone knew it.

Since the 1988, the worm has continued to evolve, as well as the methods to combat it.  We will discuss the various methods available to reduce risk of worm infection.  But first, let’s talk about what the Worm is.

 A worm is a program that can run by itself and can propagate a fully working version of itself to other machines. It is derived from the word tapeworm, a parasitic organism that lives inside a host and saps its resources to maintain itself [1].

A worm differs from a virus in that it is capable of running itself, while a virus requires a host process to activate it.  The original worm, despite shutting down a number of machines and disrupting Internet connectivity, was not particularly malicious.  However, more recent evolutions of the internet worm have produced devastatingly harmful payloads.    Common worm attacks have been known to cause crypto-file extortions and backdoor access to allow the creation a zombie computer under the control of the Worm’s author [2].

There are means available to protect your systems from a worm attack.  I have listed them below for your benefit.

1. Ensure appropriately restrictive properties for critical files, such as configuration and command files.

Targeted by the original worm, steps to prevent modification of configuration, command, and host files can hinder propagation the worm in an infected system.

2.  Stay up to date on patches and security fixes for all our public computers desktop and server.

Since the original worm attack in 1988, considerable mental and physical resources have been spent in closing security gaps in programs and system in order to prevent worm infection.  Of course, you must keep them up to date in order to be effective.

3.  Use high quality firewalls

Worms use networks as their mode of transportation.  A well designed firewall can block their spread.

4.  Utilize high quality and up-to-date anti-virus and anti-malware software.

These tools can be effective in identifying and eliminating worm intrusions.  Be advised, they are not fool proof.

5.  In conjunction with the anti-virus/anti-malware, ensure periodic disk scans.

See earlier advisement.  Users may inadvertently allow infected files pass through.  Infected email is a common culprit here.

6.  Utilize spam filters in your email applications

As I mentioned above, email is a potential entry point for worm infections.

Since the first worm spawned in 1988, the Internet and the “Internet of things” have grown exponentially.  Malicious attacks over the Internet have paced this growth.  For every additional user on the network, you have an additional opportunity for infection.  Following the steps above will help protect systems from these attacks.

[1] Spafford, Eugene H. “The Internet Worm Program: An Analysis.” Technical Report, Department of Computer Science, Perdue University, West Layfayette, 1988.

[2] http://en.wikipedia.org/wiki/Computer_worm

[3] http://security.widyani.com/virus-security/computer-worm-definition-and-how-to-prevent-it.html

[4] http://networking.answers.com/firewall/preventing-worms-from-attacking-your-computer



No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: