| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 5 May 2004 08:03:52 -0000 From: Taeho Oh <ohhara@...tech.edu> To: bugtraq@...urityfocus.com Subject: Will a smart worm be made in the near future? Will a smart worm be made in the near future? Nowadays, many bugs are found in the software and many worms are made in a short time. Foutunately, the worm usually doesn't destroy any data in the PC until now. And it's very easy to know something is wrong in the PC or network. Because the network speed slows down quickly when the PC are infected by a worm. However, I think it will not be true in the future. I just tried to think the smart worm scenario. 1) The worm doesn't cause network slow down. Usually, the worm uses wide network bandwidth and causes a kind of denial of service effect. It is because the worm tries to infect other PC very fast. But I think if the worm uses P2P technique, exchange the infected PC list with other worms, network load can be reduced significantly and network will work ok. Surely, sanity check is needed to check if the infected PC list is not spoofed. I think the worm which doesn't cause denial of service effect is more dangerous than the worm which causes denial of service effect because usually it's not detected easily. 2) The worm destroys the data severely. If the worm destroys the critical data in the every PC at the same time. It may be a disaster. What is the critical data? Someone may think that the windows system dlls or some important boot configuration files. But I think the important data is the recently modified files. The worm has a recently modified file list and overwrite the files with garbage data at the same time. And how do you feel if the worm deletes all ".c", ".cpp", ".h", ".doc", ".xls", ".txt", mailbox, database files and doesn't touch any ".exe", ".ini", ".dll" in your hard drive? 3) The worm destroys the hardware severely. Many people will ask for this, "is it really possible?". The answer maybe yes or no. As you know, many hardware vendors support the firmware upgrade. It means that if the worm want to delete the firmware, it can do it. How do you feel if the worm deletes the firmwares of m/b bios, video card, hard drive, cd/dvd rom drive? You may not be able to use the hardwares unless you send them to a/s. 4) The worm upgrades itself. The worm programmer sends updated exploit code to the worm and upgrade itself and distributes it to other worm by using P2P technique. Surely, sanity check is needed. 5) The worm hides itself. The worm can hides itself. For example, it is not seen by task manager and explorer. I think there are other many possible techniques to make the worm smart. I am not sure everything I mentioned here is technically possible. But in my opinion, it's possible. What can we do to protect our PC from those kinds of smart worm? -- Taeho Oh ( ohhara@...tech.edu, ohhara@...s.or.kr ) http://ohhara.sarang.net Postech ( Pohang University of Science and Technology ) http://www.postech.edu PLUS ( Postech Laboratory for Unix Security ) http://www.plus.or.kr
Powered by blists - more mailing lists