Worm charming: taking SMB Lure to the next level

Martin Overton IBM Global Services, UK

Worm charming: taking SMB Lure to the next level

Over the last two years, worms have resurfaced as a major headache, especially for the companies that get hit by them. Worms aren't new; they have been around since almost the dawn of computing. With the likes of Nimda, Code Red, and last year's quietly successful worm Opaserv, the rules have changed and the stakes are now significantly higher than ever before.

This paper will use the SMB Lure design as presented by John Morris of Nortel Networks at VB2002 as a staring point and cover how it can be extended to improve its usefulness, not just to corporates but also to researchers in the AV companies, these improvements will include:

  • Sample Capture, via custom scripts/tools.
  • Sample Recognition, MD5 hashes and anti-virus tools and storage.
  • Integration with other technologies, such as IDS, Integrity Checking, anti-virus and custom.
  • Scripts and other useful tools.
  • Automation.

By the time VB2003 arrives a prototype system, based on the technologies and methodologies mentioned above will have been running for almost a year, so there should be some very interesting statistics as well as lessons learnt along the way to share. Early statistics and information obtained using a very early version of this system was used in the article entitled 'Are You Being [Opa]Serve[d]?' in the January 2003 issue of Virus Bulletin magazine.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.