skip to main content
10.1145/1029618.1029620acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
Article

A study of mass-mailing worms

Published: 29 October 2004 Publication History

Abstract

Mass-mailing worms have made a significant impact on the Internet. These worms consume valuable network resources and can also be used as a vehicle for DDoS attacks. In this paper, we analyze network traffic traces collected from a college campus and present an in-depth study on the effects of two mass-mailing worms, SoBig and MyDoom, on outgoing traffic. Rather than proposing a defense strategy, we focus on studying the fundamental behavior and characteristics of these worms. This analysis lends insight into the possibilities and challenges of automatically detecting, suppressing and stopping mass mailing worm propagation in a enterprise network environment.

References

[1]
Network Associates and 2000-05. Vbs/loveletter@mm. World Wide Web, http://vil.nai.com/vil/content/v_98617.htm, 2000.
[2]
Network Associates and 2001-07. W32/sircam@mm. World Wide Web, http://vil.nai.com/vil/content/v_99141.htm, 2001.
[3]
Network Associates and 2003-08. W32/sobig.f@mm. World Wide Web, http://vil.nai.com/vil/content/v_100561.htm, 2003.
[4]
Network Associates and 2004-01. W32/mydoom@mm. World Wide Web, http://vil.nai.com/vil/content/v_100983.htm, 2004.
[5]
CERT. CERT Advisory CA-2003-04 MS-SQL Server Worm. World Wide Web, http://www.cert.org/advisories/CA-2003-04.html.
[6]
Shigang Chen and Yong Tang. Slowing down internet worms. In Proceedings of 24th International Conference on Distributed Computing Systems, Tokyo, Japan, March 2004.
[7]
Zesheng Chen, Lixin Gao, and Kevin Kwiat. Modeling the spread of active worms. In Proceedings of IEEE INFOCOM 2003, San Francisco, CA, April 2003.
[8]
Gregory R Ganger, Gregg Economou, and Stanley M Bielski. Self-securing network interfaces: What, why and how, Carnegie Mellon University Technical Report CMU-CS-02-144, August 2002.
[9]
A. Gupta and R. Sekar. An approach for detecting self-propagating email using anomaly detection. September 2003
[10]
Jeffrey O Kephart and Steve R White. Directed-graph epidemiological models of computer viruses. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 343--359, May 1991.
[11]
David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford, and Nicholas Weaver. Inside the slammer worm. In IEEE Security and Privacy journal, 2003, 2003.
[12]
Stuart Staniford, Vern Paxson, and Nicholas Weaver. How to 0wn the internet in your spare time. In Proceedings of the 11th USENIX Security Symposium, August 2002.
[13]
Yang Wang, Deepayan Chakrabarti, Chenxi Wang, and Christos Faloutsos. Epidemic spreading in real networks: An eigenvalue viewpoint. In Proceedings of the 22nd International Symposium on Reliable Distributed Systems, 2003.
[14]
Yang Wang and Chenxi Wang. Modeling the effects of timing parameters on virus propagation. In Proceedings of the 2003 ACM workshop on Rapid Malcode, pages 61--66. ACM Press, 2003.
[15]
Matthew M Williamson. Throttling viruses: Restricting propagation to defeat malicious mobile code. In Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, Nevada, December 2002.
[16]
Matthew M Williamson. Design, implementation and test of an email virus throttle. In Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, Nevada, December 2003.
[17]
Cynthia Wong, Chenxi Wang, Dawn Song, Stanley M Bielski, and Gregory R Ganger. Dynamic quarantine of internet worms. In Proceedings of DSN 2004, Florence, Italy, June 2004.
[18]
Cliff Changchun Zou, Weibo Gong, and Don Towsley. Code red worm propagation modeling and analysis. In Proceedings of the 9th ACM Conference on Computer and Communication Security, November 2002.

Cited By

View all
  • (2023)Cybersecurity in Universities: An Evaluation ModelSN Computer Science10.1007/s42979-023-01984-x4:5Online publication date: 29-Jul-2023
  • (2023)A Multi-view Graph Learning Approach for Host-Based Malicious Behavior DetectionDatabase Systems for Advanced Applications. DASFAA 2023 International Workshops10.1007/978-3-031-35415-1_20(283-299)Online publication date: 17-Apr-2023
  • (2020)Infection Analysis on Irregular Networks Through Graph Signal ProcessingIEEE Transactions on Network Science and Engineering10.1109/TNSE.2019.29588927:3(1939-1952)Online publication date: 1-Jul-2020
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
WORM '04: Proceedings of the 2004 ACM workshop on Rapid malcode
October 2004
100 pages
ISBN:1581139705
DOI:10.1145/1029618
  • Program Chair:
  • Vern Paxson
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 October 2004

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. internet worms
  2. network security
  3. traffic analysis

Qualifiers

  • Article

Conference

CCS04
Sponsor:

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)23
  • Downloads (Last 6 weeks)2
Reflects downloads up to 17 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Cybersecurity in Universities: An Evaluation ModelSN Computer Science10.1007/s42979-023-01984-x4:5Online publication date: 29-Jul-2023
  • (2023)A Multi-view Graph Learning Approach for Host-Based Malicious Behavior DetectionDatabase Systems for Advanced Applications. DASFAA 2023 International Workshops10.1007/978-3-031-35415-1_20(283-299)Online publication date: 17-Apr-2023
  • (2020)Infection Analysis on Irregular Networks Through Graph Signal ProcessingIEEE Transactions on Network Science and Engineering10.1109/TNSE.2019.29588927:3(1939-1952)Online publication date: 1-Jul-2020
  • (2016)Analysis of cyber attack vectors2016 International Conference on Computing, Communication and Automation (ICCCA)10.1109/CCAA.2016.7813791(600-604)Online publication date: Apr-2016
  • (2014)Modeling and Analysis on the Propagation Dynamics of Modern Email MalwareIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2013.4911:4(361-374)Online publication date: Jul-2014
  • (2011)Cloaking malware with the trusted platform moduleProceedings of the 20th USENIX conference on Security10.5555/2028067.2028093(26-26)Online publication date: 8-Aug-2011
  • (2011)Internet epidemiology: healthy, susceptible, infected, quarantined, and recoveredSecurity and Communication Networks10.1002/sec.2874:2(216-238)Online publication date: 5-Jan-2011
  • (2010)An overview of social engineering malware: Trends, tactics, and implicationsTechnology in Society10.1016/j.techsoc.2010.07.00132:3(183-196)Online publication date: Aug-2010
  • (2010)Defending against the propagation of active wormsThe Journal of Supercomputing10.1007/s11227-009-0283-851:2(167-200)Online publication date: 1-Feb-2010
  • (2009)Concept, Characteristics and Defending Mechanism of WormsIEICE Transactions on Information and Systems10.1587/transinf.E92.D.799E92-D:5(799-809)Online publication date: 2009
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media