Worm Attacks: Analysis of Types, Real-World Examples, and Mitigation
Added on 2023/04/11
AI Summary
This report provides a comprehensive overview of worm attacks, a significant cybersecurity threat. It begins with an abstract outlining the report's focus on various types of worm attacks, including internet worms, email worms, file-sharing worms, and IRC worms, and their operational mechanisms. The report delves into real-world examples, such as the MyDoom email worm, detailing its impact, which included significant financial losses and DDoS attacks. It also outlines various actions and measures that can be taken to mitigate the risks associated with worm attacks, such as implementing advanced antivirus tools, educating users about the vulnerabilities, and establishing robust security protocols like hardware-based firewalls and regular data backups. The report concludes by emphasizing the importance of proactive security measures to protect systems and data from the evolving threat landscape of cyberattacks.
Running head: WORM ATTACK
Worm Attack
Name of the student:
Name of the university:
Author note:
Abstract
This report discusses the different types of cyber threats taking place in today's world and
describes the worm attack as one of the cyber-attacks that is picking up pace. It covers the
different types of worm attacks that can infect systems and cause data breaches, and sets out
measures to prevent such attacks in future.
Table of Contents
Introduction
Operation of the attack in the real world
Real world example of Email worm attack
Impact of the attack
Action taken against the attack
Conclusion
References
Introduction:
A computer worm is a self-replicating malicious program that can copy and spread itself
without the help of any other program. A worm attack takes place by exploiting the security
features or policies present in software or an operating system when files are transferred
automatically (Cerrudo, 2015). Because a worm replicates very quickly by copying itself, it
slows networks down and makes websites and other software difficult to access. Computer
viruses have recently become so prevalent on networks that they are now one of the biggest
attack vectors hackers use to get into systems, through firewalls or through email. Although
some worms and viruses cause no problems, most worms today cause some kind of damage to
the user's operating system or file system and disrupt communication on the network. This
report describes in detail how worms operate in the real world and, on that basis, sets out
measures that can be taken to prevent worm attacks in future.
Operation of the attack in the real world:
The first worm, created by Robert Tappan Morris and considered the world's first computer
worm, earned him three years of jail and a fine of about $10,500. He was the first to create
a worm that exploits the security defects present in users' networks, in order to point out
the vulnerabilities that worm attacks could use in future. Since that incident, such
vulnerabilities have been noted in several instances in which worms replicate themselves and
make their way to poorly protected computer systems (Singh et al., 2014). A worm attack
takes place when the worm clones itself in a local area network or in any intranet
of any company and so spreads automatically. Cloning and spreading happen very fast and
infect an enormous number of machines. The most infamous worm attack disrupted about 10% of
the world's interconnected computer networks within a span of just 10 days. Early,
traditional worms could only spread and consume network bandwidth without changing the
functionality of the systems. As worm attacks gained popularity among hackers, however, the
Witty worm was discovered, which could carry a payload: a piece of code designed to do
real-time damage to the overall functionality of computer systems. Payload-carrying worms of
this type can damage Microsoft Office files and can also log keystrokes, as Daprosy does.
Computer worm attacks may take place in several ways, which are as follows:
1. Internet worm attacks: This type of attack uses computer worms that target popular
websites lacking advanced security features. After infecting the targeted site, the worm
replicates itself and spreads to any computer used to access the infected website. In
this way the worm spreads to other computers through the local area network and the
internet.
2. Email worm attacks: Email worm attacks are the most common of all worm attacks. The
worm starts its attack through email attachments with double extensions, such as .mp4
and .exe, or any other attachment that has to be opened after the email is received. The
worm is stored in the attachment, and users take it for a normal attachment containing
no malicious program (Ochieng, Mwangi & Ateya, 2014). When users open the attachment,
the worm gets copied onto the infected file and automatically spreads to the contact
lists associated with the email account. The email does not always need to contain such
attachments for this type of attack. A small link in the email body that needs to be opened
in order to read the mail can trigger the attack just as easily. Clicking on a simple
link in the email body can download malicious software onto the computer, and the hacker
performing the operation thereby gets hold of every system connected to it.
3. File sharing worm attacks: Because many people share files illegally nowadays, it is
easier for hackers to attack the computers involved. Transferring files illegally often
exposes computer systems to threats such as worm attacks. As in other worm attacks, the
worm spreads unnoticed through media files (Rajesh, Reddy & Reddy, 2015). When users
open such a file, the worm is downloaded as well; although the original file appears to
open, the worm is installed in the background while the media file is open.
4. IRC worm attacks: IRC, or Internet Relay Chat, is a type of messaging application with
low-quality security features. Like today's messaging applications, it lets computer
worms spread easily through messages containing links or attachments.
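The double-extension attachments and executable download links described in item 2 (email worm attacks) can be screened for before a message reaches the user. The following Python code is an added example, not part of the original report; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumed policy lists for this example; a real mail gateway maintains its own.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
DECOY_EXTS = {".mp4", ".mp3", ".jpg", ".png", ".pdf", ".doc", ".docx", ".txt"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extensions(name):
    """Split a file name into lower-cased extensions, e.g. ['.mp4', '.exe']."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    cleaned = name.strip().rstrip(". ").lower()
    return ["." + part.strip() for part in cleaned.split(".")[1:]]


def classify_filename(name):
    """Return the findings for one attachment name (empty list = nothing found)."""
    findings = []
    exts = extensions(name)
    if exts and exts[-1] in EXECUTABLE_EXTS:
        findings.append("executable")
        # A harmless-looking extension earlier in the name is the
        # double-extension disguise described in the text.
        if any(ext in DECOY_EXTS for ext in exts[:-1]):
            findings.append("double-extension")
        # Runs of spaces push the real extension out of the visible column.
        if re.search(r"\s{3,}", name):
            findings.append("padded-name")
    return findings


def scan_message(raw):
    """Parse a raw message and report risky attachments and download links."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"attachments": {}, "links": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings = classify_filename(name)
        if findings:
            report["attachments"][name] = findings
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    for url in URL_RE.findall(text):
        # Only the last path segment is checked, so a ".com" host is not flagged.
        last_segment = urlparse(url).path.rsplit("/", 1)[-1]
        link_exts = extensions(last_segment)
        if link_exts and link_exts[-1] in EXECUTABLE_EXTS:
            report["links"].append(url)
    return report


def build_sample():
    """Constructed message (not a real sample): two attachments, two links."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Mail delivery notice"
    msg.set_content(
        "Your message could not be delivered.\n"
        "Details: http://downloads.example.test/fix/viewer.exe\n"
        "Help: https://example.test/docs/guide.pdf\n"
    )
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="holiday_video.mp4.exe")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="pdf", filename="agenda.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```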
Figure 1: METHOD BY WHICH WORM ATTACK TAKES PLACE
Real world example of Email worm attack:
In January 2004, an email worm named MyDoom attacked the internet, imitating the technical
text messages issued by mail servers. The worm was first discovered in 2004 and is still
spreading fast, followed by the Sobig worm (Shi, Abhilash & Hwang, 2015). MyDoom begins
execution by stealing users' personal information, including the domain name of the system.
It later uses this information to create mail addresses by adding some additional strings at
the beginning, and then sends mail to other addresses using its own SMTP server (Kaur,
Sharma & Singh, 2015). The worm can delete certain networks and tools that help in analyzing
security, which prevents early detection so that it can attack the system unhindered.
Figure 2: PROCESS OF MY DOOM ATTACK
Impact of the attack:
MyDoom is one of the most expensive email worms to have attacked Microsoft Windows, causing
a total financial loss of about $38.5 billion (Naval et al., 2014). In addition, the MyDoom
email worm caused the following recorded harms:
1. The worm caused a DDoS attack on the website between 1st February and 12th February
2004, generating artificially created GET\HTTPS requests every 1024 milliseconds
(Tidy et al., 2014).
2. The worm allowed hackers to gain access to network resources by opening the first
available TCP port for a backdoor component that downloaded and executed files
(Singh et al., 2014).
Action taken against the attack:
These types of worm attacks are detected at a very low rate, so antivirus tools alone cannot
detect a worm in the system. To act against the attack, real-time traffic tracking tools,
which can scan traffic and generate warnings, are used alongside ordinary AV. Extra measures
should also be taken to prevent data leakage and unwanted intrusion by hackers. In addition
to the above, some measures that can prevent the attack beforehand are listed below:
1. Implementing a proper advanced antivirus tool (Lee et al., 2014).
2. Educating users about the vulnerability to worm attacks (AlFraih & Chen, 2014).
3. Educating users not to download mail attachments without proper scanning.
4. Implementing hardware-based firewalls and deploying DNS (Yang, Zhu & Cao, 2016).
5. Disabling the auto-run option when pen drives are inserted into computer systems.
6. E-commerce websites should bind themselves to highly trusted extended validation
documentation for SSL, which shows that the website users are authenticated.
7. Data should be backed up regularly so that a major data loss from the system does not
disrupt the organisation's data (Abdulla et al., 2014).
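The report notes that MyDoom sends mail through its own SMTP server and that real-time traffic tracking tools are used to raise warnings. The following Python code is an added example, not part of the original report, showing one such check: flagging a non-relay host that contacts many distinct SMTP servers inside a sliding window. The window length, threshold, relay address, record format and flow records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60          # assumed sliding-window length
ALERT_DISTINCT_SERVERS = 5   # assumed: alert when this many SMTP servers are reached
MAIL_RELAYS = {"10.0.0.25"}  # assumed: the only host expected to send SMTP outbound

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 10.0.1.23 192.0.2.10 25
1003 10.0.1.23 192.0.2.11 25
1005 10.0.0.25 198.51.100.1 25
1006 10.0.1.23 198.51.100.7 25
1007 10.0.0.25 198.51.100.2 25
1009 10.0.1.23 203.0.113.5 25
1010 10.0.0.25 198.51.100.3 25
1011 10.0.1.40 192.0.2.10 443
1012 10.0.1.23 203.0.113.9 25
1013 10.0.0.25 198.51.100.4 25
1014 10.0.0.25 198.51.100.5 25
1015 10.0.1.23 192.0.2.44 25
1100 10.0.1.50 192.0.2.10 25
1300 10.0.1.50 192.0.2.11 25
1500 10.0.1.50 192.0.2.12 25
1700 10.0.1.50 192.0.2.13 25
1900 10.0.1.50 192.0.2.14 25
garbled line
"""


def parse_flows(text):
    """Yield (timestamp, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        try:
            yield int(fields[0]), fields[1], fields[2], int(fields[3])
        except ValueError:
            continue


def detect_smtp_fanout(flows, window=WINDOW_SECONDS,
                       threshold=ALERT_DISTINCT_SERVERS, relays=MAIL_RELAYS):
    """Return {src: timestamp of first alert} for hosts that reach the threshold."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, dport in sorted(flows):
        # Only direct SMTP from hosts that are not sanctioned relays is of interest.
        if dport != 25 or src in relays:
            continue
        queue = recent[src]
        queue.append((ts, dst))
        # Drop connections that have aged out of the sliding window.
        while queue and queue[0][0] <= ts - window:
            queue.popleft()
        distinct_servers = {server for _, server in queue}
        if src not in alerts and len(distinct_servers) >= threshold:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    print(detect_smtp_fanout(parse_flows(SAMPLE_FLOWS)))
```

In the constructed data the relay and the slow sender (10.0.1.50, one server every 200 seconds) stay below the threshold, while the workstation that reaches five servers in 12 seconds is flagged.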
Conclusion:
Thus, the report concludes that because computers are linked to each other through networks,
it is easier for hackers to attack a single system and get hold of the others at the same
time. The worm attack is one of the threats that takes place over networks; it can spread
through the transmission of various media, so it is necessary to protect systems by
installing antivirus software on them and by implementing security measures that can detect
malware in shared media items.
References:
Abdulla, S., Ramadass, S., Altyeb, A. A., & Al-Nassiri, A. (2014). Employing machine
learning algorithms to detect unknown scanning and email worms. Int. Arab J. Inf.
Technol., 11(2), 140-148.
AlFraih, A. N. A., & Chen, W. (2014, May). Design of a worm isolation and unknown worm
monitoring system based on honeypot. In International Conference on Logistics
Engineering, Management and Computer Science (LEMCS 2014). Atlantis Press.
Cerrudo, C. (2015). An emerging US (and world) threat: Cities wide open to cyber
attacks. Securing Smart Cities, 17, 137-151.
Kaur, S., Sharma, S., & Singh, A. (2015). Cyber security: Attacks, implications and
legitimations across the globe. International Journal of Computer
Applications, 114(6).
Lee, P., Clark, A., Bushnell, L., & Poovendran, R. (2014). A passivity framework for
modeling and mitigating wormhole attacks on networked control systems. IEEE
Transactions on Automatic Control, 59(12), 3224-3237.
Naval, S., Laxmi, V., Gupta, N., Gaur, M. S., & Rajarajan, M. (2014, September). Exploring
worm behaviors using dtw. In Proceedings of the 7th International Conference on
Security of Information and Networks (p. 379). ACM.
Ochieng, N., Mwangi, W., & Ateya, I. (2014). A tour of the computer worm detection
space. International Journal of Computer Applications, 104(1).
Rajesh, B., Reddy, Y. J., & Reddy, B. D. K. (2015). A Survey Paper on Malicious Computer
Worms. International Journal of Advanced Research in Computer Science and
Technology, 3(2), 161-167.
Shi, Y., Abhilash, S., & Hwang, K. (2015, March). Cloudlet mesh for securing mobile clouds
from intrusions and network attacks. In 2015 3rd IEEE International Conference on
Mobile Cloud Computing, Services, and Engineering (pp. 109-118). IEEE.
Singh, D., Sinha, R., Songara, P., & Rathi, D. (2014). Vulnerabilities and attacks targeting
social networks and industrial control systems. arXiv preprint arXiv:1403.5628.
Tidy, L., Shahzad, K., Ahmad, M. A., & Woodhead, S. (2014). An assessment of the
contemporary threat posed by network worm malware.
Yang, Y., Zhu, S., & Cao, G. (2016). Improving sensor network immunity under worm
attacks: A software diversity approach. Ad Hoc Networks, 47, 26-40.