ABSTRACT
In this paper, we present a broad overview of recent worm activity. Virus information repositories, such as the Network Associates' Virus Information Library, contain over 4500 different entries (through the first quarter of 2003). While many of these entries are interesting, a great number of them are now simply historical and a large percentage of them are completely derivative in nature. However, these virus information repositories are the best source of material on the breadth of malicious code, including worms.

This paper is meant to provide worm researchers with a high-level roadmap to the vast body of virus and worm information. After sifting through hundreds of entries, we present only those that we considered breakthrough or novel, primarily from a technical perspective. As a result, we found ourselves omitting some of the most notorious worms simply because they lacked any original aspects. It is our hope that others in the community who need to get up to speed in the worm literature can benefit from this survey. While this study does not contain any original research, it provides an overview of worms using a truly breadth-first approach, which has been lacking in the existing worm literature.

From this raw data, we have also extracted a number of broad quantitative and qualitative trends that we have found to be interesting. We believe that a workshop discussion of these, and other thoughts, will be engaging and informative.