A year of WormCatching

Roger Thompson ICSA

By the time VB 2002 rolls around, the WormCatcher project will have been running for a whole year. This paper explains how it works and examines some of the data collected. It will also look at the shortcomings and strengths of the idea of an automated reporting system like this.

Points of interest will include:

How Nimda showed up initially
How CodeRed.b keeps going
When CodeRed.c and .d died out
How Nimda keeps going
Any new worms that show up prior to the conference. At the time of writing this abstract, I am feverishly adding UDP support in anticipation of SNMP worms.
Plans for the future.

VB Conferences

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘There is still nothing like a VB conference!’

Poll

Who in your company is responsible for installing software patches?

Leave a comment

Malware Prevalence

Agent
Mytob
Invoice
NetSky
Suspect packers

View this month's full report

Virus Bulletin currently has 148,281 registered users.

Fighting malware and spam