2006 Articles

Next Generation Attacks on the Internet

Markatos, Evangelos; Keromytis, Angelos D.

Over the past few years we have seen the use of Internet worms, i.e., malicious self-replicating programs, as a mechanism to rapidly invade and compromise large numbers of remote computers. Although the first worms released on the Internet were large-scale easy to- spot massive security incidents, also known as flash worms, it is currently envisioned that future worms will be increasingly difficult to detect, and will be known as stealth worms. This is partly because the motives of the first worm developers were centered around the self-gratification brought by the achievement of compromising large numbers of remote computers, the motives of recent worm and malware developers are centered around financial and political gains. Therefore, although recent attackers still want to be able to control a large number of compromised computers, they prefer to compromise these computers as quietly as possible, over a longer period of time, so as not to be detected by any security defenses. Thus, to achieve a stealthy behavior, these attackers have started using, or at least have the capacity to use a wide variety of mechanisms that will make their worms more difficult to detect.