Wednesday, March 22, 2006

The Art of Digital War - Virus / Worm Analysis

According to Richard Bejtlich (author of The Tao of Network Security Monitoring and Extrusion Detection), an external attack progresses through five phases of compromise:

  1. Reconnaissance
  2. Exploitation
  3. Reinforcement
  4. Consolidation
  5. Pillage
Guess what: viruses of the new era have attack models similar to those of a sophisticated hacker (or cracker). A worm scans your network, exploits your vulnerable applications, creates backdoors for control, launches DoS (Denial of Service) attacks against other systems, and even fights other viruses and worms to show supremacy!
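As an added illustration (not part of the original post or the PDF it summarises), the correlation below maps a host's network and host events onto the five phases above, so a defender can spot a machine that is walking the whole model rather than just tripping one alert. The event schema, the sample records and the scan/flood thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict

PHASES = ["Reconnaissance", "Exploitation", "Reinforcement", "Consolidation", "Pillage"]
SCAN_HOSTS = 5    # assumed threshold: distinct targets on one port => horizontal scan
FLOOD_CONNS = 20  # assumed threshold: connections to a single target => DoS-like flood

def host_phases(events, host):
    """Map one host's events onto the five phases it has reached, in model order.
    Assumed event kinds: conn(src,dst,port) outbound attempt, ids(src) exploit
    signature fired, listen(host,port) new listening socket, inbound(dst,port)
    connection accepted on such a socket."""
    reached = set()
    out_conns = [e for e in events if e["kind"] == "conn" and e["src"] == host]
    # Reconnaissance: the same port probed on many distinct targets
    by_port = defaultdict(set)
    for e in out_conns:
        by_port[e["port"]].add(e["dst"])
    if any(len(targets) >= SCAN_HOSTS for targets in by_port.values()):
        reached.add("Reconnaissance")
    # Exploitation: an IDS exploit alert naming this host as the source
    if any(e["kind"] == "ids" and e["src"] == host for e in events):
        reached.add("Exploitation")
    # Reinforcement: the host opens a new listener (a backdoor for control)
    listeners = {e["port"] for e in events if e["kind"] == "listen" and e["host"] == host}
    if listeners:
        reached.add("Reinforcement")
    # Consolidation: something connects in to that backdoor port
    if any(e["kind"] == "inbound" and e["dst"] == host and e["port"] in listeners
           for e in events):
        reached.add("Consolidation")
    # Pillage: an outbound flood against one target (DoS against other systems)
    if any(n >= FLOOD_CONNS for n in Counter(e["dst"] for e in out_conns).values()):
        reached.add("Pillage")
    return [p for p in PHASES if p in reached]

def worm_like_hosts(events, min_phases=3):
    """Report hosts whose events span at least min_phases of the model."""
    hosts = {e[k] for e in events for k in ("src", "host") if k in e}
    found = {h: host_phases(events, h) for h in hosts}
    return {h: p for h, p in found.items() if len(p) >= min_phases}

# Constructed sample: 10.0.0.7 walks all five phases, 10.0.0.9 only opens a listener.
SAMPLE = (
    [{"kind": "conn", "src": "10.0.0.7", "dst": f"10.0.0.{i}", "port": 445} for i in range(20, 27)]
    + [{"kind": "ids", "src": "10.0.0.7"}]
    + [{"kind": "listen", "host": "10.0.0.7", "port": 4444}]
    + [{"kind": "inbound", "dst": "10.0.0.7", "port": 4444}]
    + [{"kind": "conn", "src": "10.0.0.7", "dst": "203.0.113.5", "port": 80} for _ in range(25)]
    + [{"kind": "listen", "host": "10.0.0.9", "port": 8080}]
)

if __name__ == "__main__":
    print(worm_like_hosts(SAMPLE))
```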

Here is a brief summary of the Virus / Worm Behavior Analysis document (Adobe PDF, 105 KB) that I prepared as part of my research on virus behaviour around 8 months ago (in August 2005).

I was thinking about creating a virus database based on these attributes (my spreadsheet contains close to 250 attributes for understanding virus behaviour).

Watch this space for more details…
