Proactive detection of code injection worms

Charles Renert Determina

Some of today's most dangerous worms are finding ways to compromise systems by injecting and running the code of their choosing on a remote host. Different from classic email-borne worms, these new threats (e.g. CodeRed, Slammer, Blaster) take advantage of recently published vulnerabilities to launch their payloads. Code injection worms are especially dangerous for two primary reasons:

1) they are not detectable by traditional AV software

2) they spread extremely rapidly because they require no user interaction.

Reactive strategies to prevent damage from these worms are too slow, and often risky to deploy. Only proactive detection techniques are truly effective against these worms - techniques that do not need updating because they stop both current threats and those that are as yet unwritten. In this paper, I examine the state of the art for proactive detection of this growing threat class.

VB Conferences

VB2011 (Barcelona)

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘I want to express my appreciation for such a wonderful conference that the VB team puts together for the AV industry. I have attended many conferences in the past, but there is nothing that is comparable to both the content and the venue of VB2007.’

Poll

Do you use the same password(s) across multiple websites?

Leave a comment
View 4 comments

Jobs

In Virus Bulletin's jobs pages among others:

Python Programmer (Košice, Slovakia)
Java Programmer and Analyst (Košice, Slovakia)

Virus Bulletin currently has 190,859 registered users.

Fighting malware and spam