Anti-Reverse Engineering Lab Assignment

School: Grand Canyon University
Course: 320
Subject: Computer Science
Date: Dec 6, 2023
Anti-Reverse Engineering Lab
Adrian Andrade
Grand Canyon University
CYB-320
Mike Manrod
Due April 23, 2023

The Morris Worm

At around 8:30 pm on November 2, 1988, a malicious program was unleashed on the internet from a computer at the Massachusetts Institute of Technology (MIT). The program quickly spread to every computer it could reach, and it wasn't stopping. Within 24 hours, an estimated 6,000 of the approximately 60,000 computers connected to the Internet had been hit. Many schools and institutions were hit as a result of this attack, such as Berkeley, Princeton, Stanford, Johns Hopkins, NASA, and the Lawrence Livermore National Laboratory. The damages amounted to millions of dollars; the attack caused institutions to wipe their systems completely, and others cut themselves off from the network for weeks. This attack had a massive impact on computers and cybersecurity in general. The Morris worm made the web seem much less secure, and it made the entire world realize how important cybersecurity was. After the attack, companies started investing more in password management programs and firewalls. People became less trusting on the web, and everyone got more protective (which, in hindsight, isn't all too bad).

Delivery Methods

The Morris worm was delivered by exploiting a backdoor in the Internet's electronic mail system and a bug in the "finger" program that identified network users. Additionally, it was designed to hide itself.
The Morris worm was delivered by exploiting vulnerabilities in UNIX sendmail, finger, and rsh/rexec, as well as by guessing weak passwords. To ensure it didn't run on a computer that already had it, it checked the computer first.

How the Attack Worked

The Morris worm worked as a sort of Denial-of-Service attack which aimed to slow processes down exponentially. It did this by replicating files repeatedly, which slowed computer processes down enormously. The first thing the Morris worm did was ask each computer whether it had already received the worm. If the computer answered "Yes", it was labeled "infected" and the worm wouldn't copy itself. If it answered "No", it was labeled "Not Infected" and the worm would run. This process, however, was changed by the man who programmed it. He figured that people would make their computers answer "yes" to each prompt, which would have ended the attack outright. So he programmed the Morris worm to replicate regardless. The worm would continue copying files until every computer was infected.

In terms of the Lockheed Martin Cyber Kill Chain, the reconnaissance step would involve finding the delivery methods and doing extensive research on the UNIX OS (which was quite popular at the time). This concerned the backdoor, the "finger" program, and rsh/rexec. The second step was programming (actually making the program). The next step of the Lockheed kill chain was delivery. This meant sending out the program through electronic mail and ensuring the worm spread through the net. The next step is exploitation; this meant exploiting the backdoor in the electronic mail step and causing a buffer overflow in the "finger" program. After exploitation is installation, which meant infecting the system with the Morris Worm. After installation is Command and Control. This would be the after-effects of installing the Morris Worm, which was slowing down the computer's processes exponentially. The next and last step was Actions on Objectives. The main function of this malware was to deny service by repeatedly copying files, and the Morris Worm did indeed succeed in completing this function. I will say, however, that the main intention of the programmer was not to deny service to other people's computers. He stated that this program was just an experiment and was never supposed to be leaked. Thus, technically, the main objective was never to deny service; even though that's what the program did, it was just for educational purposes.

Indicators of Compromise

There are several indicators of compromise coming from the Morris Worm. One would be unusually slow network traffic. The purpose of the attack is to deny service by slowing processes down exponentially; thus the intended effect is to slow everything down, including network traffic. Not only that, it would also slow the performance of the computer in general. So, even if the Internet connection was shut off, the computer would still show signs of poor performance (which is another sign of compromise). Another sign of compromise would be an unusual number of unknown files (and of course, one of these files should be the Morris Worm itself). One of the main functions of the Morris Worm is self-replication, copying an endless number of files. Thus, these files should be found within system storage, and most of them should be unknown.
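The "are you already infected?" check described above, as an added toy model that is not part of the original paper: it compares a worm that honours a host's "yes" answer with one that copies regardless, and includes the defender's trick of making a clean host answer "yes". Host names, host counts, the random probing order and the step limit are constructed assumptions.

```python
"""Toy model of the Morris worm's "are you already infected?" check.
Added example, not code from the original paper. Hosts, counts and the
random probing order are constructed for illustration only."""
import random
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    instances: int = 0       # worm copies currently running on this host
    fake_yes: bool = False   # defender's trick: a clean host that claims "yes"

    def answers_yes(self) -> bool:
        # What the host replies when a worm copy asks "do you have me?"
        return self.instances > 0 or self.fake_yes


def simulate(n_hosts: int, steps: int, honour_answer: bool,
             fake_yes_hosts: int = 0, seed: int = 1) -> dict:
    """Run `steps` rounds. Every running copy probes one random host and
    starts a new copy there, unless it honours a "yes" answer and backs off."""
    rng = random.Random(seed)
    hosts = [Host(f"host{i}", fake_yes=(i < fake_yes_hosts)) for i in range(n_hosts)]
    hosts[-1].instances = 1  # patient zero; keep fake_yes_hosts < n_hosts
    for _ in range(steps):
        # Snapshot so copies spawned this round only start probing next round.
        active = [h.instances for h in hosts]
        for count in active:
            for _ in range(count):
                target = rng.choice(hosts)
                if honour_answer and target.answers_yes():
                    continue           # the "say yes" defence works here
                target.instances += 1  # copy regardless: load piles up
    return {
        "infected_hosts": sum(h.instances > 0 for h in hosts),
        "total_copies": sum(h.instances for h in hosts),
        "max_per_host": max(h.instances for h in hosts),
        "fake_yes_infected": sum(h.instances > 0 for h in hosts if h.fake_yes),
    }


if __name__ == "__main__":
    polite = simulate(20, 8, honour_answer=True, fake_yes_hosts=5)
    regardless = simulate(20, 8, honour_answer=False, fake_yes_hosts=5)
    print("honour 'yes':   ", polite)      # one copy per host, immunized hosts untouched
    print("copy regardless:", regardless)  # copies double every round: 2**8 = 256
```

Under the honouring policy no host ever runs more than one copy and the "say yes" hosts stay clean; under the copy-regardless policy the number of copies doubles every round, which is the per-host overload the paper describes.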
Defensive Measures

There are a number of things that would no doubt have prevented the Morris Worm from occurring. With this in mind, there are a number of defensive measures from the CIS 18 controls that would have provided protection against the Morris Worm. One of these is email and web browser protections. One of the main delivery methods in this attack was email; thus, having anti-malware scan incoming email for malware would have been highly beneficial. Another defensive measure that would no doubt have helped is malware defenses. This means deploying anti-malware protections and ensuring that malware that does enter the system is found and eradicated. The next measure is network monitoring and defense. This provides another security layer in addition to email and web browser protections, and is key to catching the Morris worm before it reaches a host. The next and last measure is continuous vulnerability management. This means patching the system and keeping it up to date, which ensures that known vulnerabilities are mitigated and patched. This would have helped combat the Morris Worm by patching vulnerabilities in the system so that they couldn't be exploited.