ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A taxonomy of computer worms
Full text PdfPdf (136 KB)
Source Workshop on Rapid Malcode archive
Proceedings of the 2003 ACM workshop on Rapid malcode table of contents
Washington, DC, USA
SESSION: Internet WORMS: past, present, and future table of contents
Pages: 11 - 18  
Year of Publication: 2003
ISBN:1-58113-785-0
Authors
Nicholas Weaver  UC Berkeley
Vern Paxson  ICSI
Stuart Staniford  Silicon Defense
Robert Cunningham  MIT Lincoln Laboratory
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 66,   Downloads (12 Months): 479,   Citation Count: 37
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/948187.948190
What is a DOI?

ABSTRACT

To understand the threat posed by computer worms, it is necessary to understand the classes of worms, the attackers who may employ them, and the potential payloads. This paper describes a preliminary taxonomy based on worm target discovery and selection strategies, worm carrier mechanisms, worm activation, possible payloads, and plausible attackers who would employ a worm.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Simon Byers, Aviel Rubin, and David Kormann. Defending against internet-based attack on the physical world, http://www.avirubin.com/lscripted.attacks.pdf.
 
2
Cardcops. http://www.cardcops.com.
 
3
CERT. CERT Advisory CA-1999-04 Melissa Macro Virus, http://www.cert.org/advisories/ca-1999-04.html.
 
4
CERT. CERT Advisory CA-2000-04 Love Letter Worm, http://www.cert.org/advisories/ca-2000-04.html.
 
5
CERT. CERT Advisory CA-2001-22 w32/Sircam Malicious Code, http://www.cert.org/advisories/ca-2001-22.html.
 
6
CERT. CERT Advisory CA-2001-26 Nimda Worm, http://www.cert.org/advisories/ca-2001-26.html.
 
7
CERT. CERT Advisory CA-2002-25 Integer Overflow in XDR Library, http://www.cert.org/advisories/ca-2002-25.html.
 
8
CERT. Code Red II: Another Worm Exploting Buffer Overflow in IIS Indexing Service DLL, http://www.cert.org/incident_notes/in-2001-09.html.
 
9
Zesheng Chen, Lixin Gao, and Kevin Kwiat. Modeling the spread of active worms. In IEEE INFOCOM 2003. IEEE, April 2003.
 
10
ComputerWorld. Al-qaeda poses threat to net, http://www.computerworld.com/securitytopics/story/0,10801,76150,00.html.
 
11
Crispan Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, and Heather Hinton. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In Proc. 7th USENIX Security Conference, pages 63--78, San Antonio, Texas, jan 1998.
 
12
Silicon Defense. Countermalice worm containment, http://www.silicondefense.com/products/countermalice/.
 
13
David Dittrich. The Stacheldraht Distributed Denial of Service Attack Tool, http://staff.washington.edu/dittrich/misc/stacheldraht.analysis.
 
14
David Dittrich. The Tribe Flood Network Distributed Denial of Service Attack Tool, http://staff.washington.edu/dittrich/misc/tfn.analysis.
 
15
eEye Digital Security. .ida "Code Red" Worm, http://www.eeye.com/html/research/advisories/al20010717.html.
 
16
Mark Eichin and Jon Rochlis. With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988. In IEEE Computer Society Symposium on Security and Privacy, 1989.
 
17
Hiroaki Etoh. Gcc extentions for protecting applications from stack-smashing attacks, http://www.research.ibm.com/trl/projects/security/ssp/.
 
18
F-Secure. F-Secure Computer Virus Information Pages: Hybris, http://www.f-secure.com/v-descs/hybris.shtml.
 
19
Peter Ferrie. W32//Klez, http://toronto.virusbtn.com/magazine/archives/200207/klez.xml.
 
20
Security Focus. MacOS X SoftwareUpdate Arbitrary Package Installation Vulnerability, http://online.securityfocus.com/bid/5176.
 
21
The Animal Liberation Front. http://www.animalliberationfront.com.
 
22
The Earth Liberation Front. In defense of all life, http://www.earthliberationfront.com.
 
23
Gamespy. Gamespy arcade, http://www.gamespyarcade.com.
 
24
Symantec Inc. W32.gnuman.worm, http://securityresponse.symantec.com/avcenter/venc/data/w32.gnuman.worm.html.
 
25
itsecure. OpenSSH Trojan Horse, http://www.itsecure.com.au/alerts/alert.htm?alertid=95.
 
26
Trevor Jim , J. Greg Morrisett , Dan Grossman , Michael W. Hicks , James Cheney , Yanling Wang, Cyclone: A Safe Dialect of C, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.275-288, June 10-15, 2002
 
27
Markus Kern. Re: Codegreen beta release, http://online.securityfocus.com/archive/82/211462.
 
28
Kaspersky Labs. W95/CIH (a.k.a Chernobyl), http://www.viruslist.com/eng/viruslist.html?id=3204.
 
29
Message Labs. W32/bugbear-ww, http://www.messagelabs.com/viruseye/report.asp?id=110.
 
30
Brian McWilliams. Yaha Worm Takes out Pakistan Government's Site, http://online.securityfocus.com/news/501.
 
31
Jason V Miller, Jesse Gough, Bartek Kostanecki, Josh Talbot, and Jensenne Roculan. Microsoft dcom rpc worm alert, https://tms.symantec.com/members/analystreports/030811-alert-dcomworm.pdf.
 
32
Domas Mituzas. FreeBSD Scalper Worm, http://www.dammit.lt/apache-worm/.
 
33
David Moore , Vern Paxson , Stefan Savage , Colleen Shannon , Stuart Staniford , Nicholas Weaver, Inside the Slammer Worm, IEEE Security and Privacy, v.1 n.4, p.33-39, July 2003  [doi>10.1109/MSECP.2003.1219056]
34
David Moore , Colleen Shannon , k claffy, Code-Red: a case study on the spread and victims of an internet worm, Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, November 06-08, 2002, Marseille, France  [doi>10.1145/637201.637244]
35
George C. Necula , Scott McPeak , Westley Weimer, CCured: type-safe retrofitting of legacy code, Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.128-139, January 16-18, 2002, Portland, Oregon
 
36
Netcraft. The Netcraft Survey, http://www.netcraft.com.
 
37
Openbsd 3.3, http://www.openbsd.org/33.html.
 
38
The homepage of the pax team, http://pageexec.virtualave.net/.
 
39
Sam Phillips. dasbistro.com default.ida responder. http://sunsite.bilkent.edu.tr/pub/infosystems/phpweb/default.txt.
 
40
The Honeynet Project. Know Your Enemy: Motives, http://project.honeynet.org/papers/motives/.
 
41
Eric Rescorla. Security holes ... who cares? In Proceedings of the 12th USENIX Security Symposium, pages 75--90. USENIX, August 2003.
42
Stuart E. Schechter , Michael D. Smith, Access for sale: a new class of worm, Proceedings of the 2003 ACM workshop on Rapid malcode, October 27-27, 2003, Washington, DC, USA  [doi>10.1145/948187.948191]
 
43
Markus Schmall. Bulding Anna Kournikova: An Analysis of the VBSWG Worm Kit, http://online.securityfocus.com/infocus/1287.
 
44
McAffe Secuirty. W95/firkin.worm, http://vil.mcafee.com/dispvirus.asp?virus\_k=98557.
 
45
F secure Inc. Global slapper worm information center, http://www.f-secure.com/slapper/.
 
46
Valve Software. Half life, http://www.half-life.com.
 
47
Stuart Staniford , Vern Paxson , Nicholas Weaver, How to Own the Internet in Your Spare Time, Proceedings of the 11th USENIX Security Symposium, p.149-167, August 05-09, 2002
 
48
Joe Stewart. Sobig.e: Evolution of the worm. http://www.lurhq.com/sobig-e.html.
 
49
Symantec. W32.Benjamin.Worm, http://securityresponse.symantec.com/avcenter/venc/data/w32.benjamin.worm.html.
 
50
Symantec. W32.Sonic.worm, http://securityresponse.symantec.com/avcenter/venc/data/w32.sonic.worm.html.
 
51
Jamie Twycross and Matthew M Williamson. Implementing and testing a virus throttle. In Proceedings of the 12th USENIX Security Symposium, pages 285--294. USENIX, August 2003.
 
52
Max Vision. Whitehats: Ramen Internet Worm Analysis, http://www.whitehats.com/library/worms/ramen/.
53
Robert Wahbe , Steven Lucco , Thomas E. Anderson , Susan L. Graham, Efficient software-based fault isolation, ACM SIGOPS Operating Systems Review, v.27 n.5, p.203-216, Dec. 1993
 
54
Matthew M. Williamson, Throttling Viruses: Restricting propagation to defeat malicious mobile code, Proceedings of the 18th Annual Computer Security Applications Conference, p.61, December 09-13, 2002
 
55
Adam Young , Moti Yung, Cryptovirology: Extortion-Based Security Threats and Countermeasures, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.129, May 06-08, 1996

CITED BY  37
Nicholas Weaver , Ihab Hamadeh , George Kesidis , Vern Paxson, Preliminary results using scale-down to explore worm dynamics, Proceedings of the 2004 ACM workshop on Rapid malcode, October 29-29, 2004, Washington DC, USA
Phillip Porras , Linda Briesemeister , Keith Skinner , Karl Levitt , Jeff Rowe , Yu-Cheng Allen Ting, A hybrid quarantine defense, Proceedings of the 2004 ACM workshop on Rapid malcode, October 29-29, 2004, Washington DC, USA
Yun-Kai ZHANG , Yun-Kai Zhang , Fang-Wei WANG , Fang-Wei Wang , Yu-Qing Zhang , Yu-Qing ZHANG , Jian-Feng MA , Jian-Feng Ma, Worm propagation modeling and analysis based on quarantine, Proceedings of the 3rd international conference on Information security, November 14-16, 2004, Shanghai, China
Ramana Rao Kompella , Sumeet Singh , George Varghese, On scalable attack detection in the network, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy
Moheeb Abu Rajab , Fabian Monrose , Andreas Terzis, Worm evolution tracking via timing analysis, Proceedings of the 2005 ACM workshop on Rapid malcode, November 11-11, 2005, Fairfax, VA, USA
Stuart Staniford , David Moore , Vern Paxson , Nicholas Weaver, The top speed of flash worms, Proceedings of the 2004 ACM workshop on Rapid malcode, October 29-29, 2004, Washington DC, USA
Anukool Lakhina , Mark Crovella , Christiphe Diot, Characterization of network-wide anomalies in traffic flows, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy
Kuai Xu , Zhi-Li Zhang , Supratik Bhattacharyya, Profiling internet backbone traffic: behavior models and applications, ACM SIGCOMM Computer Communication Review, v.35 n.4, October 2005
Evan Cooke , Michael Bailey , Z. Morley Mao , David Watson , Farnam Jahanian , Danny McPherson, Toward understanding distributed blackhole placement, Proceedings of the 2004 ACM workshop on Rapid malcode, October 29-29, 2004, Washington DC, USA
Daniel R. Ellis , John G. Aiken , Kira S. Attwood , Scott D. Tenaglia, A behavioral approach to worm detection, Proceedings of the 2004 ACM workshop on Rapid malcode, October 29-29, 2004, Washington DC, USA
Joel Sommers , Vinod Yegneswaran , Paul Barford, A framework for malicious workload generation, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy
D. Ármannsson , G. Hjálmtýsson , P. D. Smith , L. Mathy, Controlling the effects of anomalous ARP behaviour on ethernet networks, Proceedings of the 2005 ACM conference on Emerging network experiment and technology, October 24-27, 2005, Toulouse, France
Fernando C. Colón Osorio , Zachi Klopman, An initial analysis and presentation of malware exhibiting swarm-like behavior, Proceedings of the 2006 ACM symposium on Applied computing, April 23-27, 2006, Dijon, France
Cliff C. Zou , Don Towsley , Weibo Gong, On the performance of internet worm scanning strategies, Performance Evaluation, v.63 n.7, p.700-723, July 2006
Marc Lelarge , Jean Bolot, Network externalities and the deployment of security features and protocols in the internet, ACM SIGMETRICS Performance Evaluation Review, v.36 n.1, June 2008
Niels Provos , Joe McClain , Ke Wang, Search worms, Proceedings of the 4th ACM workshop on Recurring malcode, November 03-03, 2006, Alexandria, Virginia, USA
Prem Gopalan , Kyle Jamieson , Panayiotis Mavrommatis , Massimiliano Poletto, Signature metrics for accurate and automated worm detection, Proceedings of the 4th ACM workshop on Recurring malcode, November 03-03, 2006, Alexandria, Virginia, USA
Cliff C. Zou , Don Towsley , Weibo Gong , Songlin Cai, Advanced Routing Worm and Its Security Challenges, Simulation, v.82 n.1, p.75-85, January 2006
Guanling Chen , Robert S. Gray, Simulating non-scanning worms on peer-to-peer networks, Proceedings of the 1st international conference on Scalable information systems, p.29-es, May 30-June 01, 2006, Hong Kong
Terrence August , Tunay I. Tunca, Network Software Security and User Incentives, Management Science, v.52 n.11, p.1703-1720, November 2006
Surasak Sanguanpong , Urupoj Kanlayasiri, Worm damage minimization in enterprise networks, International Journal of Human-Computer Studies, v.65 n.1, p.3-16, January, 2007
Moez Draief , Ayalvadi Ganesh , Laurent Massoulié, Thresholds for virus spread on networks, Proceedings of the 1st international conference on Performance evaluation methodolgies and tools, October 11-13, 2006, Pisa, Italy
Ramana Rao Kompella , Sumeet Singh , George Varghese, On scalable attack detection in the network, IEEE/ACM Transactions on Networking (TON), v.15 n.1, p.14-25, February 2007
Nicholas Weaver , Stuart Staniford , Vern Paxson, Very fast containment of scanning worms, Proceedings of the 13th conference on USENIX Security Symposium, p.3-3, August 09-13, 2004, San Diego, CA
Terrence August , Tunay I. Tunca, Network Software Security and User Incentives, Management Science, v.52 n.11, p.1703-1720, November 2006
Zhichun Li , Yan Chen , Aaron Beach, Towards scalable and robust distributed intrusion alert fusion with good load balancing, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, p.115-122, September 11-15, 2006, Pisa, Italy
Mohamed Abdelhafez , George Riley , Robert G. Cole , Nam Phamdo, Modeling and Simulations of TCP MANET Worms, Proceedings of the 21st International Workshop on Principles of Advanced and Distributed Simulation, p.123-130, June 12-15, 2007
Matthew Van Gundy , Davide Balzarotti , Giovanni Vigna, Catch me, if you can: evading network signatures with web-based polymorphic worms, Proceedings of the first conference on First USENIX Workshop on Offensive Technologies, p.7-7, August 06, 2007, Boston, MA
Zonghua Zhang , Pin-Han Ho, Janus: A dual-purpose analytical model for understanding, characterizing and countermining multi-stage collusive attacks in enterprise networks, Journal of Network and Computer Applications, v.32 n.3, p.710-720, May, 2009
John Criswell , Andrew Lenharth , Dinakar Dhurjati , Vikram Adve, Secure virtual architecture: a safe execution environment for commodity operating systems, ACM SIGOPS Operating Systems Review, v.41 n.6, December 2007
Robert Moskovitch , Yuval Elovici , Lior Rokach, Detection of unknown computer worms based on behavioral classification of the host, Computational Statistics & Data Analysis, v.52 n.9, p.4544-4566, May, 2008
Joe Szabo , John Aycock , Randal Acton , Jörg Denzinger, The tale of the weather worm, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
Min Cai , Kai Hwang , Jianping Pan , Christos Papadopoulos, WormShield: Fast Worm Signature Generation with Distributed Fingerprint Aggregation, IEEE Transactions on Dependable and Secure Computing, v.4 n.2, p.88-104, April 2007
Anh Le , Raouf Boutaba , Ehab Al-Shaer, Correlation-based load balancing for network intrusion detection and prevention systems, Proceedings of the 4th international conference on Security and privacy in communication netowrks, September 22-25, 2008, Istanbul, Turkey
Yong Tang , Shigang Chen, An Automated Signature-Based Approach against Polymorphic Internet Worms, IEEE Transactions on Parallel and Distributed Systems, v.18 n.7, p.879-892, July 2007
Kuai Xu , Zhi-Li Zhang , Supratik Bhattacharyya, Internet traffic behavior profiling for network security monitoring, IEEE/ACM Transactions on Networking (TON), v.16 n.6, p.1241-1252, December 2008
Marc Lelarge, Efficient control of epidemics over random networks, Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems, June 15-19, 2009, Seattle, WA, USA

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Invasive software (e.g., viruses, worms, Trojan horses)


General Terms:
Security


Keywords:
attackers, computer worms, mobile malicious code, motivation, taxonomy

Collaborative Colleagues:
Nicholas Weaver: colleagues
Vern Paxson: colleagues
Stuart Staniford: colleagues
Robert Cunningham: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player