A study of mass-mailing worms

Authors:
Cynthia Wong;Stan Bielski;Jonathan M. McCune;Chenxi Wang
Affiliations:
Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA
Venue:
Proceedings of the 2004 ACM workshop on Rapid malcode
Year:
2004

Citing 8
Cited 11

Code red worm propagation modeling and analysis

Proceedings of the 9th ACM conference on Computer and communications security
How to Own the Internet in Your Spare Time

Proceedings of the 11th USENIX Security Symposium
Throttling Viruses: Restricting propagation to defeat malicious mobile code

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Inside the Slammer Worm

IEEE Security and Privacy
Modeling the effects of timing parameters on virus propagation

Proceedings of the 2003 ACM workshop on Rapid malcode
Design, Implementation and Test of an Email Virus Throttle

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Slowing Down Internet Worms

ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Dynamic Quarantine of Internet Worms

DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks

Detecting mass-mailing worm infected hosts by mining DNS traffic data

Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
binpac: a yacc for writing application protocol parsers

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Leveraging good intentions to reduce unwanted network traffic

SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Modeling and Simulation Study of the Propagation and Defense of Internet E-mail Worms

IEEE Transactions on Dependable and Secure Computing
A new worm exploiting IPv4-IPv6 dual-stack networks

Proceedings of the 2007 ACM workshop on Recurring malcode
OpenLIDS: a lightweight intrusion detection system for wireless mesh networks

Proceedings of the 15th annual international conference on Mobile computing and networking
Defending against the propagation of active worms

The Journal of Supercomputing
How to secure your email address book and beyond

CANS'07 Proceedings of the 6th international conference on Cryptology and network security
Cloaking malware with the trusted platform module

SEC'11 Proceedings of the 20th USENIX conference on Security
Empirical analysis of rate limiting mechanisms

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
An email worm vaccine architecture

ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience

Quantified Score

Hi-index	0.00

Visualization

Abstract

Mass-mailing worms have made a significant impact on the Internet. These worms consume valuable network resources and can also be used as a vehicle for DDoS attacks. In this paper, we analyze network traffic traces collected from a college campus and present an in-depth study on the effects of two mass-mailing worms, SoBig and MyDoom, on outgoing traffic. Rather than proposing a defense strategy, we focus on studying the fundamental behavior and characteristics of these worms. This analysis lends insight into the possibilities and challenges of automatically detecting, suppressing and stopping mass mailing worm propagation in a enterprise network environment.