Worms Project

A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. For example, the Code Red worm replicated itself over 250,000 times in approximately nine hours on July 19, 2001.

A worm usually exploits some sort of security hole in a piece of software or the operating system. For example, the Slammer Worm, which caused mayhem in January 2003, exploited a hole in Microsoft's SQL Server. The Slammer Worm was only 376 bytes in size.

Worms use up computer time and network bandwidth when they are replicating, and they often have some sort of evil intent. A worm called Code Red made huge headlines in 2001. Experts predicted that this worm could clog the Internet so effectively that things would completely grind to a halt.

The Code Red worm slowed down Internet traffic when it began to replicate itself, but not nearly as badly as predicted. Each copy of the worm scanned the Internet for Windows NT or Windows 2000 servers that did not have the Microsoft security patch installed. Each time it found an unsecured server, the worm copied itself to that server. The new copy then scanned for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies.

The Code Red worm was designed to do three things:

  • Replicate itself for the first 20 days of each month
  • Replace Web pages on infected servers with a page that declares "Hacked by Chinese"
  • Launch a concerted attack on the White House Web server in an attempt to overwhelm it

Upon successful infection, the worm would wait for the appointed hour and connect to the www.whitehouse.gov domain. This attack would consist of the infected systems simultaneously sending 100 connections to port 80 of www.whitehouse.gov (198.137.240.91).

The U.S. government changed the IP address of www.whitehouse.gov to circumvent that particular threat from the worm and issued a general warning about the worm, advising users of Windows NT or Windows 2000 Web servers to make sure they had installed the security patch.

Questions:

  1. What is a worm, and how does it spread?
  2. How many times did the Code Red worm replicate, and in what time?
  3. Explain how a worm gets access to a user’s computer, and what it does.
  4. What kind of computer resources do most worms use up?
  5. What worm made headlines in 2001, and what kind of damage could it have done?
  6. Name the operating systems that were vulnerable to this worm, and explain why.
  7. What did the worm do to unsecured servers, and how did it use them?
  8. What three things was the worm designed to do? What was the intent of the worm’s creators?
  9. After the worm infected many systems, what was the final goal of the worm? Was it successful?
  10. How did the U.S. government deal with this threat? What did they do to ensure the worm would not keep spreading?