Flashcards in Lesson 11.1 - Internet Worms Deck (12):
What is a Virus?
An "Infection" of an existing program that results in the modification of behavior.
What is an Internet Worm?
Usually spread by exploiting flaws in existing programs or open services.
What is a parasitic virus?
Typically infects an existing executable file.
What is a memory-resident virus?
Infects running programs
What is a boot sector virus?
A virus that spreads whenever the system is booted.
What is a polymorphic virus?
A virus that encrypts part of the virus program using a randomly generated key.
What is the difference between Worms and viruses?
Viruses: Spread manually
Worms: Spread automatically by scanning for vulnerabilities. A worm can use any of the virus techniques to gain initial access.
What is the main difference between a worm and a virus?
A. Worms do not have destructive payloads
B. Viruses only infect Windows machines
C. Viruses can spread more rapidly
D. Worms can spread automatically
What are the three steps in a worm's "life-cycle"?
1. Discover/"scan" for vulnerable hosts
2. Infect vulnerable machine via remote exploit
3. Remain undiscoverable
How do we model fast-spreading worms?
Using the Random Constant Spread model
K: Initial compromise rate
N: Number of vulnerable hosts
a: fraction of hosts already compromised.
Nda: Newly infected in dt
Nda = (Na)*K(1-a)dt
How to increase initial compromise rate?
1. Hit List: List of vulnerable hosts (recon)
2. Permutation scanning: Shared permutation of IP address lists. Start from own IP + work down, ensuring compromised lists don't duplicate work