Why worms are used

by Sean Kazen.


Taking over Vast Numbers of Systems

Suppose an attacker wants to take over 10,000 machines around the world. Perhaps the attacker needs this many systems to crack an encryption key or password. With 10,000 systems working in tandem, the attacker could break the encryption almost 10,000 times faster than with a single machine. Alternatively, the attacker might just want simple bragging rights with his or her buddies in the computer underground for having compromised that many boxes.

Now, to take over each system, the attacker might require one hour on average, which includes time for compromising the system, installing a backdoor, cleaning up the logs, and other activities to conform the machine to the attacker's wicked will. How long would it take such an attacker to dominate 10,000 machines? There's no need for you to run and get your calculator; I'll do the math for you. One hour per system times 10,000 systems will require 10,000 hours for the attack. Working around the clock, 24 hours a day, seven days a week with no break, our intrepid little attacker would require almost 14 months to achieve the goal. However, using a worm, the same 10,000 systems could be conquered in a few hours or even less. In this way, worms increase the scale of attacks available to the bad guys.

Making Traceback More Difficult

With 10,000 systems under their control, attackers can obscure their source location anywhere in a veritable maze of systems. I could easily build a worm that allows me to bounce connections from segment to segment of the worm. After compromising oodles of systems with this worm, I could launch some other attack against a target Web site, laundering the source of my attack through my worm network. If I'm careful, it'll be awfully hard to catch me as investigators get lost in the fog of connections bounced between various worm segments.

Consider a simple vulnerability scan. I could run a program that sends packets out across the network looking to see if a given target has various misconfigurations or other security flaws that would let me take it over. If I run such a scan from one of my own machines to check a target for vulnerabilities, I'll be launching thousands of packets across the network. The victim will see all my packets, and might be able to trace the attack back to me. However, if I use a bunch of worm segments to launch my scan, each of my 10,000 minions will only send a packet or two to check for an individual vulnerability.

Making matters worse, my vast array of worm warriors are located all over the Internet, in countries around the planet. Tracing my attack through these diverse locales will be difficult, as investigators encounter varied human languages and legal systems to confound their investigation. They'll have to coordinate the investigation with people in a dozen or more different countries, while I slip through their fingers. A friend of mine who was quite fond of puns once referred to this phenomenon of confounding an investigation by spreading worms around the planet as "global worming."
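
The distributed scan described above slips past detectors that count probes per source, because each worm segment sends only a packet or two. The following added example (not part of the original article) shows a defender-side check that aggregates probes by target instead; the flow records, function names and threshold are constructed assumptions, and a real deployment would also bound the count to a time window.

```python
from collections import defaultdict

def sample_flows():
    """Constructed (src, dst, dst_port) records; documentation IP ranges only."""
    flows = []
    # One noisy source probing 200 ports on a single target.
    flows += [("198.51.100.7", "203.0.113.10", p) for p in range(1, 201)]
    # 200 sources, each sending one probe to a different port on another target.
    flows += [(f"192.0.2.{i}", "203.0.113.20", 1000 + i) for i in range(1, 201)]
    # Ordinary traffic: many clients, one service port.
    flows += [(f"192.0.2.{i}", "203.0.113.30", 443) for i in range(1, 101)]
    return flows

def per_source_alerts(flows, port_threshold=20):
    """Classic detector: flag (src, dst) pairs where one source touches many ports."""
    ports = defaultdict(set)
    for src, dst, port in flows:
        ports[(src, dst)].add(port)
    return sorted(pair for pair, seen in ports.items() if len(seen) >= port_threshold)

def per_target_alerts(flows, port_threshold=20):
    """Aggregate by destination: flag targets probed on many ports by any sources."""
    ports, sources = defaultdict(set), defaultdict(set)
    for src, dst, port in flows:
        ports[dst].add(port)
        sources[dst].add(src)
    return {
        dst: {"ports": len(seen), "sources": len(sources[dst])}
        for dst, seen in ports.items()
        if len(seen) >= port_threshold
    }

if __name__ == "__main__":
    flows = sample_flows()
    # The per-source view sees only the single noisy scanner.
    print("per-source:", per_source_alerts(flows))
    # The per-target view also surfaces the scan spread across 200 sources,
    # while the busy HTTPS server (one port, many clients) stays quiet.
    print("per-target:", per_target_alerts(flows))
```

A high source count paired with a high distinct-port count on one target is the signature to look for; a popular service shows many sources but few ports.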

Amplifying Damage

Many different kinds of computer attacks are more damaging or even faster if launched from multiple systems simultaneously. If attackers can cause a damage level of X using one machine, they might be able to inflict 10,000 times X (or even more) in damage by using all the systems compromised by a worm. Alternatively, the attack might run 10,000 times faster if launched simultaneously on all of these worm segments. In these ways, worms amplify an attacker's capabilities.

Suppose an attacker wants to launch a distributed denial-of-service attack, sending a huge flood of packets against a target from multiple sources. The attacker's goal is to inundate the target with a tsunami of packets, so legitimate users cannot communicate with the victim because of the massive flood. With one system, the attacker can generate a reasonable traffic flow, but nothing to disable a typical server placed on the Internet. However, with a worm, the attacker could launch packets from 10,000 systems or more, easily sucking up every last drop of bandwidth going to the target server. You just cannot buy enough bandwidth to stop the flood from a determined attacker with tens of thousands of machines conquered by a worm.

    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.