Blended attacks: exploits, vulnerabilities and buffer overflow techniques in computer viruses

Eric Chien, Symantec Security Response
Péter Ször, Symantec Security Response

Exploits, vulnerabilities, and buffer-overflow techniques have been used by malicious hackers and virus writers for a long time. However, until recently, these techniques were not commonplace in computer viruses. The CodeRed worm was a major shock to the anti-virus industry since it was the first worm that spread not as a file, but solely in memory by utilizing a buffer overflow in Microsoft IIS. Many anti-virus companies were unable to provide protection against CodeRed, while other companies with a wider focus on security were able to provide solutions, to the relief of end users. Usually, new techniques are picked up and used by copycat virus writers. Thus, many other similarly successful worms followed CodeRed, such as Nimda and Badtrans.

In this paper, the authors will not only cover such techniques as buffer overflows and input validation exploits, but also how computer viruses are using them to their advantage.

Finally, the authors will discuss tools, techniques and methods to prevent these blended threats.

