Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier on Attack Trends: More Complex Worms

Posted by timothy on from the malice-on-the-loose dept.

Gary W. Longsine writes "Bruce Schneier has posted an interesting entry on expected attack trends to his blog. Of particular interest is the increasing sophistication of automated worm-based attacks. He cites the developing W32.spybot.KEG worm -- once inside a network it scans for several vulnerabilities and reports its findings via IRC. Trend Micro also has information on a scanning-capable version of this worm, which they call: WORM_SPYBOT.ID"

3 of 189 comments (clear)

  1. Schneier by pHatidic · · Score: 4, Informative

    If you haven't already read his book Beyond Fear I would highly recommend it. For those of us who don't read books, he covers a good chunk of the material in 34 minutes in this interview. Also very fascinating, I even played it for my grandparents and they both enjoyed it, and have since told me that they have seen him talking on CSPAN or something like that.

  2. Anatomy of the Web Application Worm by mrkitty · · Score: 5, Informative

    For those wondering about other advances/predictions in worms check out this paper I wrote a few years ago.
    http://www.cgisecurity.com/articles/worms.shtml

    --
    Believe me, if I started murdering people, there would be none of you left.
  3. Re:work work work... by Flendon · · Score: 5, Informative

    I would like to see a worm that goes around and patches servers for a change. It can be done.

    Welchia attempted to patch the DCOM RPC vulnerability that Blaster feed on and remove Blaster if present. It was called the "good samaritan worm". The problem was, as the AC pointed out, the network traffic Welchia generated DoSed any network that it "aided". Other "helpful" viruses have existed, but usually had the same unfriendly welcome for the same reason.

    --
    chown -R us ./base