What are Network/ Internet Worms & A short story of Stuxnet
In this article, let us look at what computer worms are, some techniques used by them to infect systems, what they can do and how they spread. But before that, let us read a short story of the most famous worm – Stuxnet.
Short Story of Stuxnet:
How does one attack/ disable a nuclear facility that is several stories underground and does not have any connections to the Internet/ external world? That’s exactly the challenge that Stuxnet was designed to overcome.
It seems Stuxnet was planted in the area surrounding the nuclear facility so that it can spread to as many computers as possible in a short period of time. It then had to mask itself and remain undetected from the existing computer security mechanisms.
Since this was the area where scientists and other workers in the nuclear facility went to their homes, there was a chance that some of them would bring their work home in a pen drive / removable disk. It seems some of them did, and the worm copied itself and was able to infect systems inside the nuclear facility.
Once inside, it had to learn the complex network security mechanisms in place and evolve in order to remain undetected. It then had the job of infecting the proprietary operating system of a vendor’s nuclear plant control system.
It then targeted the frequency converters which regulated the speed of the centrifuges used to create nuclear fuel. It made them run too fast/ too slow in order to ensure that the nuclear fuel was never enriched properly and hence un-usable for plant operations.
More importantly, it masked this operation by adjusting the readings in monitoring systems so that the scientists would not come to know the actual reason for centrifuge malfunction.
Though it was later discovered by a third party vendor having operations inside the plant, it was effective enough to jeopardize the nuclear program for many months.
This is what worms are capable of doing, and this particular example is thought of being a part of ‘Cyber warfare’.
You can read the entire story about Stuxnet from this link. It takes 20 minutes to read, but reads like a thriller.
What is a Network/ Internet Worm?
Worms are self-sufficient malicious code that can be remotely controlled (most of the time) to cause some form of damage to the computers they infect. They can move from one system to another over the network and try to mask themselves from being detected by existing network security mechanisms.
Unlike a computer virus, worms are self-sufficient and network enabled. They need not have to get attached themselves to some host document and use it to spread around the network – they can do it by themselves. Worms can replicate themselves and communicate with their controller/ other worms using the infected system resources.
How do worms infect systems?
Worms infect systems either by exploiting a known flaw in the software (like buffer overflow) or using any configuration errors or due to some action initiated by the user (like opening an email attachment containing worms / downloading worms disguised as pirated software or system updates).
What else can worms do?
- Worms can disguise themselves (using encryption, etc.) and hence they can be hard to deduct / analyze.
- Worms may disable security update systems in the host or prevent the host from accessing such systems.
- Worms can leave a system completely but still leave a back-door to enable future attacks.
- Worms can copy themselves to USB drives/ external hard disks and other portable storage media.
- A new version of the worm can update the old version through peer-to-peer interaction.
- Worms can attack a large number of systems over the Internet by choosing random IP addresses.
What kind of damage can be inflicted by worms?
- Worms can cause network flooding and induce excessive network traffic, thereby chocking the bandwidth.
- Worms can be designed to extract sensitive information from target systems like user-name/ password, financial information, etc.
- Worms can delete important files and make a system / hard-disk unusable.
- A worm can use dictionary attacks on systems to guess passwords and get administrative access, after which the systems can be remotely controlled.
- Worms can execute scripts or commands on a remote system, without the user’s knowledge.
- Worms can take control of a group (zombie) of systems to launch coordinated DDoS attacks from multiple locations.
- Worms can do many more things that they are programmed to do. Some of them don’t cause much damage, but many of them do.
excITingIP.com
You could stay up to date on the various computer networking/ enterprise IT technologies by subscribing to this blog with your email address in the sidebar box that says, ‘Get email updates when new articles are published’