Attack Examples
Malicious code

The primary vulnerabilities for end-user workstations are worm, virus, and Trojan horse attacks. A worm executes arbitrary code and installs copies of itself in the memory of the infected computer, which then infects other hosts. A virus is malicious software that is attached to another program to execute a particular unwanted function on a user's workstation. A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool.

Worms
The anatomy of a worm attack is as follows:

  1. The enabling vulnerability – A worm installs itself using an exploit vector on a vulnerable system.
  2. Propagation mechanism – After gaining access to devices, a worm replicates and selects new targets.
  3. Payload – Once the device is infected with a worm, the attacker has access to the host – often as a privileged user. Attackers could use a local exploit to escalate their privilege level to administrator.

Typically, worms are self-contained programs that attack a system and try to exploit a specific vulnerability in the target. Upon successful exploitation of the vulnerability, the worm copies its program from the attacking host to the newly exploited system to begin the cycle again. A virus normally requires a vector to carry the virus code from one system to another. The vector can be a word-processing document, an e-mail message, or an executable program. The key element that distinguishes a computer worm from a computer virus is that human interaction is required to facilitate the spread of a virus.

Worm attack mitigation requires diligence on the part of system and network administration staff. Coordination between system administration, network engineering, and security operations personnel is critical in responding effectively to a worm incident. The following are the recommended steps for worm attack mitigation:

  1. Containment
  2. Inoculation
  3. Quarantine
  4. Treatment
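
The propagation step described above leaves a recognisable trace: one host contacting many distinct peers on the same port within a short time. The following added example, which is not part of the original material, flags such hosts in constructed flow records and turns the result into inputs for the containment and quarantine steps. The record format, function names, thresholds, and the mapping of results to those two steps are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic): epoch_s src dst dst_port
SAMPLE_FLOWS = """\
1000 10.0.0.5 10.0.1.10 445
1001 10.0.0.5 10.0.1.11 445
1002 10.0.0.5 10.0.1.12 445
1003 10.0.0.5 10.0.1.13 445
1000 10.0.0.7 10.0.1.20 445
1010 10.0.0.7 10.0.1.20 445
1000 10.0.0.9 10.0.1.10 445
1300 10.0.0.9 10.0.1.11 445
1600 10.0.0.9 10.0.1.12 445
1900 10.0.0.9 10.0.1.13 445
garbled line
"""

def fan_out_hosts(flow_text, window=60, threshold=4):
    """Return {src: [ports]} for sources that reached at least `threshold`
    distinct destinations on one port within `window` seconds."""
    events = defaultdict(list)                  # (src, port) -> [(ts, dst), ...]
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue                            # skip malformed records
        ts, src, dst, port = parts
        events[(src, int(port))].append((int(ts), dst))
    flagged = defaultdict(set)
    for (src, port), seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1                      # slide the window forward
            if len({dst for _, dst in seen[start:end + 1]}) >= threshold:
                flagged[src].add(port)
                break
    return {src: sorted(ports) for src, ports in flagged.items()}

def response_plan(flagged):
    """Assumed mapping: flagged hosts are quarantine candidates, and the ports
    they spread on are candidates for blocking between segments (containment)."""
    ports = sorted({p for plist in flagged.values() for p in plist})
    return {"quarantine": sorted(flagged), "contain_ports": ports}

if __name__ == "__main__":
    print(response_plan(fan_out_hosts(SAMPLE_FLOWS)))
```

A client that repeatedly contacts one file server (10.0.0.7) and a host whose connections are spread over many minutes (10.0.0.9) are not flagged, which is why the check counts distinct destinations inside a time window rather than raw connection totals.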

Viruses and Trojan Horses
A virus is malicious software that is attached to another program to execute a particular unwanted function on a user’s workstation. An example of a virus is a program that is attached to command.com (the primary interpreter for Windows systems) that deletes certain files and infects any other versions of command.com that it can find.

A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. An example of a Trojan horse is a software application that runs a simple game on the user’s workstation. While the user is occupied with the game, the Trojan horse mails a copy of itself to every user in the user’s address book. The other users receive the game and then play it, thus spreading the Trojan horse.

These kinds of applications can be contained through the effective use of antivirus software at the user level and potentially at the network level. Antivirus software can detect most viruses and many Trojan horse applications and prevent them from spreading in the network. Keeping up to date with the latest developments in these sorts of attacks can also lead to a more effective posture against them. As new virus or Trojan applications are released, enterprises need to keep up to date with the latest antivirus software and application versions.

Complete the quiz questions in Figure for additional study.

