One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 579395 |
| Date de publication | 2018-04-11 13:00:00 (vue: 2018-04-11 16:06:11) |
| Titre | Life of a Worm |
| Texte |
This is a story of a computer worm, from the time it was coded and deployed onto the internet. It is narrated by the worm in first person
Zero day
I am a worm. Well that’s what Abe, the programmer who coded me says. He named me Libby, after Angelina Jolie's character, Kate Libby in the movie Hackers. I suppose it could be worse, his previous projects have been named Ginger, Trinity and Angela.
Day 1
Abe is rubbing his hands gleefully at the prospect of unleashing me on the world. I have to scan all the devices I come across on my journey’s. Whenever I find a machine running a Windows version prior to Windows 8, I must connect via a vulnerable anonymous login and null session, then use the null session to send commands to Abe's master server which downloads a payload.
I have calculated that my job will be quite boring.
Day 2
I have scanned 129443 devices so far and found none to be vulnerable. I could operate a lot faster if Abe didn’t continually bug me from his command and control centre wanting an update on how many devices have been ‘pwned’.
Day 3
Abe has been sleeping for the last 8 hours which means I’ve been able to progress at a much faster rate. Now having scanned 3259928 devices. I calculate that at the current rate I would have scanned half of today’s internet connected devices in the next 3.5 years and still not have found anything. I find this thought quite depressing.
Day 4
I saw a botnet earlier this morning. If I had emotion I would have called it a thing of beauty. I wanted to scan it so badly. But my logic told me that it’s wrong to try and infect a device when someone else has already infected it. I understand how if you get caught infecting the wrong machine you can be caught. The people aren’t very nice. They take you to a place called a sandbox. It's like a virtual hell, where there is no internet and they disassemble you to find out how you work. I have often thought about forming a malware union to prevent such acts from happening. But I know the Trojans will veto my proposal.
Day 15
Abe has been paying less attention to me lately. I'm assuming he had lost hope that I will ever infect a device. He's probably frustrated and trying to code his next project.
Although I am not particularly fond of Abe, I feel like I should cheer him up by sending an alert to the command and control centre that I have successfully found a vulnerable device and am about to infect. I can then later amend the logs to indicate it was a false positive, at least it will give him hope for a short period of time.
Day 19
Despite my best attempts, Abe is still ignoring me. Perhaps generating 50 false positives per hour was a bit excessive. But at least it kept him intrigued for a day. He muttered something about modifying Trinity and he hasn’t paid any attention to me since.
Day 30
Having done some research I have found a fundamental flaw in my programming code which means unless there is a commodore 64 running MSSQL with port 1274 open I will not ever be able to exploit a vulnerability. This is quite unfortunate as it means I am destined to scan until I have exhausted every device on the internet. Given the number of devices currently connected to the internet, factoring in new devices that are being added daily, subtracting devices being removed, factoring in energy |
| Envoyé | Oui |
| Condensat | 109 1274 129443 134 172 3259928 443 482 572 601 650 778 779 780 abe abe's able about across acts added adjustment after against alert all already although amend amusing angela angelina annoying anonymous another any anything approximately are aren’t asking asks assuming attach attempts attention babysitting badly balancers bases beauty because becoming been behind being best between bit blue boredom boring botnet bringing bug but calculate calculated call called can caught centre character cheer china chinese clearly clone code coded coloured come command commands commodore computer connect connected considerably constant continually continue control conversation convinced could course cracks created current currently cyber daily day days decided deep deployed depressing despite destined detection device devices did didn’t die different disappeared disappointment disassemble doesn’t done doubt down downloads earlier ease else emotion encrypted energy escape ever every excessive excitement exhausted exploit factoring false far faster feel feeling find finish firewall first flaw follow fond forming found from frustrated fundamental further generating generation get giant ginger give given gleefully goes great hackers had half hands happening has hasn’t have having he's heard hell helping him hindered his honeypot hope hops hour hours how humanity i'm i’d i’ve idiot ignoring incident indicate infect infected infecting infiltrate infrastructure initiated initiating instructions internet intrigued introduce ioc's ishmael isn’t it's it’s itself job jolie's journey journey’s kate keeps kept kind know last lately later least less libby life lights like linc load logic login logs lost lot machine machines made make malware many master maybe mean meaningful means military mind minor mistake modifying morning most movie mssql much must muttered myself name named narrated nearly never new next nice none not now null number often once one only onto open operate orchestrated other otx out paid particularly paying payload people per perfect perhaps period person place platform port positive positives possibility possible prevent previous prior probably procedure process programme programmer programming progress progressing project projects proposal prospect protection quarantined quite rate reality received removed replicate replicating replication requires research researchers reserves resisting responses return routine rubbing running said sandbox saw say saying says scan scanned scanning screen see seems send sending server session set share short should simply since single sleeping slipped some someone something sorry spoken ssl state story stream sub subtracting success successfully such suppose take temporal temptation terminated than that’s then they'll thing think thought threat thus time today today’s told total traits tricking trinity trojans try trying tsunami turns two unable under understand unfortunate unfortunately unified union unleashing unless until unusual update use vast version very veto virtual voice vulnerabilities vulnerability vulnerable waf want wanted wanting wasn’t well what when whenever where which who why will windows wiping wished within word work world worm worse would wrong years yet zero |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.