Martin Overton IBM Global Services, UK
Worm charming: taking SMB Lure to the next level
Over the last two years, worms have resurfaced as a major headache, especially for the companies that get hit by them. Worms aren't new; they have been around since almost the dawn of computing. With the likes of Nimda, Code Red, and last year's quietly successful worm Opaserv, the rules have changed and the stakes are now significantly higher than ever before.
This paper will use the SMB Lure design as presented by John Morris of Nortel Networks at VB2002 as a staring point and cover how it can be extended to improve its usefulness, not just to corporates but also to researchers in the AV companies, these improvements will include:
By the time VB2003 arrives a prototype system, based on the technologies and methodologies mentioned above will have been running for almost a year, so there should be some very interesting statistics as well as lessons learnt along the way to share. Early statistics and information obtained using a very early version of this system was used in the article entitled 'Are You Being [Opa]Serve[d]?' in the January 2003 issue of Virus Bulletin magazine.