Penn State researchers hinder worm propagation

08 February 2010

Researchers at Penn State University have devised an algorithm designed to slow down the kind of rapidly spreading network worm that can infect large portions of the internet quickly.

The algorithm is designed to protect networks against worms that scan for hosts locally within networks or subnets, according to Yoon-Ho Choi, a postdoctoral fellow in information sciences and technology at Penn State University.

Worms will often spread quickly inside an organization by scanning ports to find machines that they can infect. This enables them to infect large numbers of machines in a short space of time, especially when those machines are clustered together. The more reachable machines there are on a network, the bigger the potential infection base and the broader the scope of the attack.

The algorithm developed by Choi and his team works by assessing the number of computers on a network and then setting a threshold for the average number of scans necessary to infect a host. It then monitors the number of port scans on the network to see if they exceed the threshold. If that happens, it quarantines the worm and then segments the network into a number of much smaller networks, thus limiting the spread of a worm.
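The monitoring loop described above can be sketched as follows; this is an added example, not the Penn State team's code. The threshold formula (address space divided by live hosts), the per-source counting of distinct targets, and all names, addresses and events are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def scan_threshold(network, live_hosts):
    # Assumed model: a worm scanning the local range uniformly needs about
    # (addresses in range / live hosts) probes to reach one host.
    return network.num_addresses / live_hosts

def detect_and_contain(network, live_hosts, events, new_prefix):
    """events: (src_ip, dst_ip, dst_port) connection attempts.
    Returns (quarantined sources, network segments after containment)."""
    limit = scan_threshold(network, live_hosts)
    targets = defaultdict(set)   # distinct (dst, port) pairs probed per source
    quarantined = []
    for src, dst, port in events:
        if ipaddress.ip_address(dst) not in network:
            continue             # only local scanning is in scope here
        targets[src].add((dst, port))
        if len(targets[src]) > limit and src not in quarantined:
            quarantined.append(src)
    # Segment into smaller networks only once a scanner has been found.
    if quarantined:
        segments = list(network.subnets(new_prefix=new_prefix))
    else:
        segments = [network]
    return quarantined, segments

# Constructed sample data: a /24 with 32 live hosts gives a threshold of 8.
NET = ipaddress.ip_network("10.0.0.0/24")
BENIGN = [("10.0.0.9", "10.0.0.20", 443),
          ("10.0.0.9", "10.0.0.21", 443),
          ("10.0.0.9", "10.0.0.20", 80)]
# 10.0.0.5 probes 12 distinct local addresses on one port.
EVENTS = [("10.0.0.5", f"10.0.0.{i}", 445) for i in range(100, 112)] + BENIGN

if __name__ == "__main__":
    hosts, segments = detect_and_contain(NET, 32, EVENTS, new_prefix=26)
    print("quarantine:", hosts)
    print("segments:", [str(s) for s in segments])
```

Counting distinct targets rather than raw connections keeps a busy client that talks repeatedly to a few servers below the threshold.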

The algorithm is designed to dramatically slow the spread of network worms, which in the past have relied heavily on port scans to find their victims. Although the number of network worms that spread in this way has declined in recent years, some still emerge occasionally. The most notable example of a network worm in recent times is Conficker, which spread using a vulnerability in the SSL service, accessible via port 443. However, subsequent versions of that worm also spread using removable media such as USB keys.

 
