G
Guest
The menace of Worms
It is a given in this world that every entity has two
aspects - one benign, and the other malignant. This
duality of function can be found in virtually everything.
Take the humble kitchen knife, for example. Cooks use it
for chopping vegetables. It can also be used to kill. The
human brain can be used to do constructive things - such
as planting seeds in farms to grow food crops, construct
strong shelters that protect against nature's forces and
build computers and software that make life so easy. The
human brain can also do destructive things - such as build
a bomb, indulge in genocide and take advantages of the
computer's weaknesses to wreck havoc the internet.
The worms are but another example of man's darker side of
genius.
Worms are such pesky creatures. They apparently appear out
of nowhere and start doing what their creators designed
them to do; our only clue is that the PC and the internet
are suddenly inexplicably slow. Their reproducing and
replicating mechanisms are so simple. Computer worms share
similar attributes. They are apparently very easy to
construct too.
The first worm that attracted wide attention was actually
written by a student! When it was released to an
unsuspecting world in 1988, it damaged a lot of BSD UNIX
machines before an angry world could track it down and
catch both the worm and its creator red-handed. The boy -
Robert Tappan Morris Jr. - was convicted and fined.
So, what exactly is a computer worm?
A computer worm is different from its other infamous
sibling - the virus. A worm does not infect or manipulate
files, it makes clones of itself. Therefore a worm is a
standalone working program. It can use the system
transmission capabilities to travel from machine to
machine merrily riding around like a happy-go-lucky
vagabond. A worm, after lodging itself on one machine can
spawn several clones of itself. Each of these clones then
marches forth to conquer the cyber world.
How do worms spread?
Where do newly cloned computer worms march to? A worm can
open your email address book and, in a jiffy, despatch one
clone each to each of the addresses listed. Of course, the
machine has to be connected to the net. If it is not, the
worm silently bides it time till the connection takes
place. Chats and Instant messaging software like MIRC, MSN
Messenger, Yahoo IM and ICQ can also act as unwitting
carriers enabling the worm to spread like wildfire
throughout the cyberworld (the "Jitux" worm is an
example). Every operating system has vulnerabilities which
are thoroughly exploited by worms to propagate themselves.
Windows systems are the usual target. A very prominent
example of this is the Sasser worm which uses security
holes in the Windows LSASS service.
Other worms spread only by using Backdoor infected
computers. E.g. the "Bormex" worm relies on the "Back
Orifice" backdoor to spread. There is a facility available
within peer-to-peer networks known as the P2P folder which
all users of the network share. A worm can simply copy
itself into the shared folder and quietly wait for the
other users to pick it up. If the folder does not exist,
the worm simply creates it for the benefit of the users!
How benevolent can worms be! In the hall of hoodlums,
worm "Axam" gets top honours for such devious activity.
Some worms take on even more deceptive forms to snare
users. Sending emails with malicious code embedded within
the main text or as an attachment. Some worms act as SMTP
proxies (Sircam, Nimda, Sasser & co) to spread quickly.
Worms can attempt remote logins (especially on Microsoft
SQL servers - the "Spida" worm does this quite elegantly!)
to launch DDoS (distributed denial of service) attacks.
Another favourite is injecting malicious code in running
services on the server like "Slammer". Phew! The arsenal
available to these worms is huge and ever growing.
Worms that will be remembered for generations to come for
the damage they did to global commerce are Sasser, MyDoom,
Sober, Blaster, Code Red, Melissa, and the Loveletter
worm. Apart from the sleepless nights it caused the
government and industry backed sleuths trying to track the
worm, billions of dollars went down the drain to control
their menace. The face of internet surfing and
computerized operations was radically changed due to these
worms.
What exactly is the nature of havoc that these worms bring
to bear upon us? Well, Denial of service (DoS) is one
situation that users of a server may find themselves in
thanks to these programs. Unlike viruses, many worms do
not intend to destroy the infected computer. More often
than not they have a more important job to do - subvert
the computer so that the worm's creator can use it often
without the owner of the computer knowing anything about
it.
Worm writers nowadays work together with Spammers (they
make a nice twosome, don't they?) to send out unsolicited
emails to increasingly overloaded inboxes. Their worms
install backdoor trojans to convert the home computer into
a "zombie". the countless variants of the "Bagle" worm
are the best known examples.
"Phishing" is the latest fad in town. It tries to prise
those secret passwords of bank accounts and credit cards
from you... all courtesy of a piggy back ride on the
worm's powerful shoulders
So much for the end-of-the-world-speech! What is the cure
for all this, for crying out loud! You ask.
Like a cat-and-mouse game, the moment worms came into
existence, worm-trappers came into existence too. Special
software has been designed that not only kill worms the
software knows about, but also updates itself on a daily
basis against any new threats.
However, updating is always going to be a tad behind the
ultra-sophisticated lethal wizardry of worms. The best way
to guard against this is to use the anti-worm software a-
squared - software that it is at the forefront of malware
prevention.
How does a-squared score over other anti-worm and anti-
virus products?
a-squared has a special Malware Intrusion Detection System
(Malware-IDS) that is able to detect and kill worms before
the worms get a foot in the door. The great thing about
this is that the detection process does not require any
signature scanning to identify a worm. All the other
products are handicapped because they require a signature
to be able to identify and kill a worm.
The Malware-IDS, once installed, never sits idle.
Visualize a worrying, paranoid housewife obsessed with
keeping the house clean, who runs after every rat or other
vermin that she sees with broomstick in hand! Like this
housewife, the Malware-IDS is continuously on alert,
checking every program that is running (or trying to run)
on your machine, ready to pounce on any program that is
trying to do something that "good" programs are not
supposed to do. Such "delinquent" programs are caught by
the IDS and paraded before you. You can relax and take
your time to decide whether the program has nefarious
intentions or not. The program is stopped until you
pronounce verdict. The program is either acquitted
honourably or sent to the gallows.
With a strong development and support team spanning
continents, a-squared has emerged as an important player
in the war against the malware domain. Trusting your
machine to a-squared is the best defence possible now and
in the future.
Protect thyself!
It is a given in this world that every entity has two
aspects - one benign, and the other malignant. This
duality of function can be found in virtually everything.
Take the humble kitchen knife, for example. Cooks use it
for chopping vegetables. It can also be used to kill. The
human brain can be used to do constructive things - such
as planting seeds in farms to grow food crops, construct
strong shelters that protect against nature's forces and
build computers and software that make life so easy. The
human brain can also do destructive things - such as build
a bomb, indulge in genocide and take advantages of the
computer's weaknesses to wreck havoc the internet.
The worms are but another example of man's darker side of
genius.
Worms are such pesky creatures. They apparently appear out
of nowhere and start doing what their creators designed
them to do; our only clue is that the PC and the internet
are suddenly inexplicably slow. Their reproducing and
replicating mechanisms are so simple. Computer worms share
similar attributes. They are apparently very easy to
construct too.
The first worm that attracted wide attention was actually
written by a student! When it was released to an
unsuspecting world in 1988, it damaged a lot of BSD UNIX
machines before an angry world could track it down and
catch both the worm and its creator red-handed. The boy -
Robert Tappan Morris Jr. - was convicted and fined.
So, what exactly is a computer worm?
A computer worm is different from its other infamous
sibling - the virus. A worm does not infect or manipulate
files, it makes clones of itself. Therefore a worm is a
standalone working program. It can use the system
transmission capabilities to travel from machine to
machine merrily riding around like a happy-go-lucky
vagabond. A worm, after lodging itself on one machine can
spawn several clones of itself. Each of these clones then
marches forth to conquer the cyber world.
How do worms spread?
Where do newly cloned computer worms march to? A worm can
open your email address book and, in a jiffy, despatch one
clone each to each of the addresses listed. Of course, the
machine has to be connected to the net. If it is not, the
worm silently bides it time till the connection takes
place. Chats and Instant messaging software like MIRC, MSN
Messenger, Yahoo IM and ICQ can also act as unwitting
carriers enabling the worm to spread like wildfire
throughout the cyberworld (the "Jitux" worm is an
example). Every operating system has vulnerabilities which
are thoroughly exploited by worms to propagate themselves.
Windows systems are the usual target. A very prominent
example of this is the Sasser worm which uses security
holes in the Windows LSASS service.
Other worms spread only by using Backdoor infected
computers. E.g. the "Bormex" worm relies on the "Back
Orifice" backdoor to spread. There is a facility available
within peer-to-peer networks known as the P2P folder which
all users of the network share. A worm can simply copy
itself into the shared folder and quietly wait for the
other users to pick it up. If the folder does not exist,
the worm simply creates it for the benefit of the users!
How benevolent can worms be! In the hall of hoodlums,
worm "Axam" gets top honours for such devious activity.
Some worms take on even more deceptive forms to snare
users. Sending emails with malicious code embedded within
the main text or as an attachment. Some worms act as SMTP
proxies (Sircam, Nimda, Sasser & co) to spread quickly.
Worms can attempt remote logins (especially on Microsoft
SQL servers - the "Spida" worm does this quite elegantly!)
to launch DDoS (distributed denial of service) attacks.
Another favourite is injecting malicious code in running
services on the server like "Slammer". Phew! The arsenal
available to these worms is huge and ever growing.
Worms that will be remembered for generations to come for
the damage they did to global commerce are Sasser, MyDoom,
Sober, Blaster, Code Red, Melissa, and the Loveletter
worm. Apart from the sleepless nights it caused the
government and industry backed sleuths trying to track the
worm, billions of dollars went down the drain to control
their menace. The face of internet surfing and
computerized operations was radically changed due to these
worms.
What exactly is the nature of havoc that these worms bring
to bear upon us? Well, Denial of service (DoS) is one
situation that users of a server may find themselves in
thanks to these programs. Unlike viruses, many worms do
not intend to destroy the infected computer. More often
than not they have a more important job to do - subvert
the computer so that the worm's creator can use it often
without the owner of the computer knowing anything about
it.
Worm writers nowadays work together with Spammers (they
make a nice twosome, don't they?) to send out unsolicited
emails to increasingly overloaded inboxes. Their worms
install backdoor trojans to convert the home computer into
a "zombie". the countless variants of the "Bagle" worm
are the best known examples.
"Phishing" is the latest fad in town. It tries to prise
those secret passwords of bank accounts and credit cards
from you... all courtesy of a piggy back ride on the
worm's powerful shoulders
So much for the end-of-the-world-speech! What is the cure
for all this, for crying out loud! You ask.
Like a cat-and-mouse game, the moment worms came into
existence, worm-trappers came into existence too. Special
software has been designed that not only kill worms the
software knows about, but also updates itself on a daily
basis against any new threats.
However, updating is always going to be a tad behind the
ultra-sophisticated lethal wizardry of worms. The best way
to guard against this is to use the anti-worm software a-
squared - software that it is at the forefront of malware
prevention.
How does a-squared score over other anti-worm and anti-
virus products?
a-squared has a special Malware Intrusion Detection System
(Malware-IDS) that is able to detect and kill worms before
the worms get a foot in the door. The great thing about
this is that the detection process does not require any
signature scanning to identify a worm. All the other
products are handicapped because they require a signature
to be able to identify and kill a worm.
The Malware-IDS, once installed, never sits idle.
Visualize a worrying, paranoid housewife obsessed with
keeping the house clean, who runs after every rat or other
vermin that she sees with broomstick in hand! Like this
housewife, the Malware-IDS is continuously on alert,
checking every program that is running (or trying to run)
on your machine, ready to pounce on any program that is
trying to do something that "good" programs are not
supposed to do. Such "delinquent" programs are caught by
the IDS and paraded before you. You can relax and take
your time to decide whether the program has nefarious
intentions or not. The program is stopped until you
pronounce verdict. The program is either acquitted
honourably or sent to the gallows.
With a strong development and support team spanning
continents, a-squared has emerged as an important player
in the war against the malware domain. Trusting your
machine to a-squared is the best defence possible now and
in the future.
Protect thyself!
