Saturday, September 01, 2007

Worms: a look back

Time flies. This is from an old infosec blog post of mine in 2005 about a paper from late 2004. Just two years ago we were still worried about containing mass worm outbreaks. Those days are essentially over with the rise of true criminal activity and targeted attacks. Nevertheless this concept could, maybe, be applied to controlling botnets, the key tool behind phishing, spamming, and other criminally motivated attacks. Botnets used to be centrally controlled. Kill the head, the botnet dies too. New botnets use a distributed architecture. They're more like a Hydra.

The Future of Malware Defense?
"Security UPDATE -- March 16, 2005"
Information Security News

"The research paper 'Can We Contain Internet Worms?,' was published in August 2004. In it, Microsoft researchers discuss how worms might become more readily containable as computers collaborate in a more automated manner. The concept, which the researchers have dubbed 'Vigilante,' proposes 'a new host centric approach for automatic worm containment.' ... Hosts detect worms by analysing attempts to infect applications and broadcast self-certifying alerts (SCAs) when they detect a worm. SCAs are automatically generated machine-verifiable proofs of vulnerability"

1 comment:

  1. Vulnerability management is something that will make or break your network. It often requires us to run multiple applications but keeping threats out is perhaps the most important part of network security. Sure there are plenty of tools that help us remove threats once they get into our systems but once they’re there the damage these things cause happens rather quickly.

    I’ve attended several security seminars within the last few months. Most of them were only focused on detecting threats and identifying risks after they had infiltrated our networks. I continue to believe that all of the speakers I saw were all crazy. Make less work for yourself and your network, keep the threats off to begin with and you’ll find that your Security Management will leave you little to worry about.

