Learning more about how viruses and worms work

May 17, 2004

I’ve seen more worms and viruses trying to get onto our network in the past year than ever before. We’re taking all the reasonable precautions we can. As we find best practices documents, we look at them and implement the best of what we find. Is there a way I can learn more about how viruses and worms work to possibly find ways of better protecting our network?

The first place to start is with the various anti-virus vendors’ Web sites. To a degree they’ll give you information on how the various viruses/worms work and how to spot them. Look at subscribing to some of the listservs and newsgroups (BugTraq and Sophos, for example), where you will find even more information. In some cases, you may even find links to Web sites containing the source code for the viruses/worms, so you can see at a very low level how these things work.

If you have the PCs available to set up an isolated test network you can obtain “samples” of the viruses and use a protocol analyzer like Ethereal or one of the commercial products such as Etherpeek or Sniffer to see what kind of traffic the viruses/worms generate. Information gathered here can help you find other ways of blocking this kind of activity.
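As an added example (not code from this column, nor from Ethereal, Etherpeek or Sniffer), the script below shows one way to turn what you see in such a lab capture into something you can block on. It reads a constructed, assumed five-column text export of the kind a protocol analyzer can produce (timestamp, source, destination, protocol, destination port) and reports any source host that reaches unusually many distinct destinations on one port within a short time window, the fan-out pattern that self-propagating worms show and ordinary workstations do not. The input format, the sample addresses, the threshold and the window length are all assumptions, not values from the column.

```python
"""Flag worm-like fan-out in a lab capture summary.

Added example for this column; not code from the column or from any
product it names. The five-column text format below is an assumed export
(timestamp src dst proto dport); the addresses, threshold and window are
constructed for illustration.
"""
from __future__ import annotations

from collections import Counter, defaultdict
from typing import NamedTuple


class Record(NamedTuple):
    ts: float
    src: str
    dst: str
    proto: str
    dport: int


# Constructed sample capture (RFC 1918 addresses, not a real network):
#  - 10.0.0.5 probes 12 peers on TCP/445 within about one second
#  - 10.0.0.7 is a normal workstation using one file server and one resolver
#  - 10.0.0.9 is an admin host opening one SSH session every 15 seconds
SAMPLE_CAPTURE = "\n".join(
    [f"{0.1 * i:.1f} 10.0.0.5 10.0.0.{10 + i} tcp 445" for i in range(12)]
    + ["0.3 10.0.0.7 10.0.0.2 tcp 445", "0.4 10.0.0.7 10.0.0.3 udp 53",
       "2.0 10.0.0.7 10.0.0.2 tcp 445", "2.1 10.0.0.7 10.0.0.3 udp 53"]
    + [f"{15.0 * i:.1f} 10.0.0.9 10.0.0.{40 + i} tcp 22" for i in range(10)]
)


def parse_capture(text: str) -> list[Record]:
    """Parse the assumed five-column export; blank and '#' lines are skipped."""
    records: list[Record] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(parts)}")
        ts, src, dst, proto, dport = parts
        records.append(Record(float(ts), src, dst, proto.lower(), int(dport)))
    return records


def max_fan_out(events: list[tuple[float, str]], window: float) -> int:
    """Peak number of distinct destinations seen within any `window` seconds.

    events is a list of (timestamp, destination). A sliding window keeps a
    multiset of destinations so a host that talks to the same peer repeatedly
    counts once, while a host sweeping many peers counts each of them.
    """
    events = sorted(events)
    counts: Counter[str] = Counter()
    best = left = 0
    for ts, dst in events:
        counts[dst] += 1
        while ts - events[left][0] > window:  # drop events older than window
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def fan_out_report(records: list[Record], window: float = 10.0) -> dict:
    """Map (src, proto, dport) to its peak distinct-destination count."""
    by_key: dict[tuple[str, str, int], list[tuple[float, str]]] = defaultdict(list)
    for r in records:
        by_key[(r.src, r.proto, r.dport)].append((r.ts, r.dst))
    return {key: max_fan_out(evts, window) for key, evts in by_key.items()}


def find_suspects(records: list[Record], threshold: int = 8,
                  window: float = 10.0) -> list[tuple[str, str, int, int]]:
    """Sources whose peak fan-out reaches threshold, highest fan-out first.

    Each hit is (src, proto, dport, peak); the port is what a blocking or
    rate-limiting rule on the switch or firewall would key on.
    """
    hits = [(src, proto, dport, peak)
            for (src, proto, dport), peak in fan_out_report(records, window).items()
            if peak >= threshold]
    return sorted(hits, key=lambda h: (-h[3], h[0]))


if __name__ == "__main__":
    for src, proto, dport, peak in find_suspects(parse_capture(SAMPLE_CAPTURE)):
        print(f"{src} reached {peak} distinct hosts on {proto}/{dport}")
```

The window matters as much as the threshold: with the default 10-second window only the host sweeping TCP/445 is reported, while the admin host that reaches ten machines over two and a half minutes is not; widen the window to cover the whole capture and both appear, which is the kind of false positive you tune against before turning the observation into a rule.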

If this isn’t enough for you, look for a book called “Defense and Detection Strategies against Internet Worms” written by Jose Nazario. This is the best resource I’ve found yet for getting under the hood of how worms work. Previous worms are examined and thoughts/ideas are presented for what we may expect to find in the near future.