2007 Articles

Defending Against Next Generation Through Network/Endpoint Collaboration and Interaction

Antonatos, Spiros; Locasto, Michael E.; Sidiroglou, Stelios; Keromytis, Angelos D.; Markatos, Evangelos

Over the past few years we have seen the use of Internet worms, i.e., malicious self-replicating programs, as a mechanism to rapidly invade and compromise large numbers of remote computers [33]. Although the first worms released on the Internet were large-scale, easy-to-spot massive security incidents [6, 19, 20, 26], also known as flash worms [32], it is currently envisioned (and we see already see signs, in the wild) that future worms will be increasingly difficult to detect, and will be known as stealth worms. This may be partly because the motives of early worm developers are thought to have been centered around self-gratification brought by the achievement of compromising large numbers of remote computers, while the motives of recent worm and malware developers have progressed to more mundane (and sinister) financial and political gains.