Part 4: Advanced Web Kung Fu

Case Study

As David strolled off the subway platform, he picked up his morning Journal and read it: "New computer worm blinds companies, costing companies billions," the Wall Street Journal headline read. A computer worm is a self-propagating program that infects computer after computer, often using the resources of the infected computer to launch further attacks.

Surely this account was preposterous; it had to be blown way out of proportion. After all, nothing existed out there to do what the headline stated. David, the security administrator for more than 100,000 computer systems at his online brokerage firm, rushed up to the 53rd floor to his office where he quickly powered up his laptop to open an Internet browser. He went straight to the Web site he knew would have the vital information he needed, the Carnegie-Mellon Emergency Response Team (www.cert.org). David has depended on them for years to keep up with threats on the Internet and internally. It wasn't the most responsive organization when it came to details about a new vulnerability, but it tended to provide more than the rest and eventually became the de facto standard for helpful vulnerability information.

Sure enough, CERT was reporting that nearly 100 million computer systems had been affected as of last night. The organization had been receiving reports from around the world for more than thirty-six hours now, and there appeared to be no end in sight. Early reports indicated that the worm was multiplatform and multiapplication, and used a rarely seen stealth technique called SSL tunneling to evade detection. Until now, the worms the world had seen were fairly innocuous, taking advantage of standard vulnerabilities over traditional (and detectable) techniques. Suddenly, the worms that had infected millions of computers in 2001 seemed like child's play. A new day had dawned, and David was suddenly very much aware of its implications.

The worm was multiplatform because it infected all three major operating systems: Windows, Solaris, and Linux. After breaking into one system, it proceeded to scan the local network looking for both similar and different systems, exploiting known vulnerabilities in each of the other platforms.

The worm was multiapplication because for the first time it was infecting both Oracle and Microsoft SQL Server databases. One of the worm's vectors (modes of attack) was taking advantage of application layer vulnerabilities and employing the Microsoft SQL Server's xp_cmdshell and XML overflow attacks.

The worm was stealthy because it encrypted its traffic through SSL, effectively hiding itself from the so-called security devices on the network (intrusion detection systems). Employing the standard SSL encryption in use on many commercial Web servers, the worm snaked its way onto Microsoft IIS and Apache Web servers, overwhelming their resources and effectively shutting down critical infrastructure.

With the worm gaining momentum and knocking out critical systems and infrastructure around the world, David thought, the cyberworld as we know it is history.

Web Hacking: Attacks and Defense
ISBN: 0201761769
Year: 2005
Pages: 156
