A year of WormCatching

Roger Thompson ICSA

By the time VB 2002 rolls around, the WormCatcher project will have been running for a whole year. This paper explains how it works and examines some of the data collected. It will also look at the shortcomings and strengths of the idea of an automated reporting system like this.

Points of interest will include:

How Nimda showed up initially
How CodeRed.b keeps going
When CodeRed.c and .d died out
How Nimda keeps going
Any new worms that show up prior to the conference. At the time of writing this abstract, I am feverishly adding UDP support in anticipation of SNMP worms.
Plans for the future.

del.icio.us

digg this

VB Conferences


	VB2013 (Berlin) VB2012 (Dallas) VB2011 (Barcelona) VB2010 (Vancouver) VB2009 (Geneva) VB2008 (Ottawa) VB2007 (Vienna) VB2006 (Montréal) VB2005 (Dublin) VB2004 (Chicago) VB2003 (Toronto) VB2002 (New Orleans) Photos Programme VB2001 (Prague) VB2000 (Orlando) VB99 (Vancouver) VB98 (Munich) VB97 (San Francisco) VB96 (Brighton) VB95 (Boston) VB94 (Jersey) VB93 (Amsterdam) VB92 (Edinburgh) VB91 (Jersey) ‘One of the best conferences I have ever attended in every aspect.’

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

Malware Prevalence

Autorun
Encrypted/Obfuscated
Heuristic/generic
Sality
Zbot

View this month's full report

Virus Bulletin currently has 224,243 registered users.

Fighting malware and spam

A year of WormCatching

VB2013 (Berlin)

VB2012 (Dallas)

VB2011 (Barcelona)

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)