LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-28-2004, 05:40 PM   #1
desmond33
LQ Newbie
 
Registered: Oct 2003
Distribution: Zen Walk 4.2, Slackware 11, Debian 3.1
Posts: 13

Rep: Reputation: 0
Worms!


hello. Do any of you know of a good site to find the source code and/or dissassembled binaries for some "worms"? The platform/exploit doesn't really matter; im just curious about it and would like to study the actual source.
 
Old 04-28-2004, 06:28 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Worms are just network apps gone bad. They aren't really all that different from a typical client/server model, except in this case the "server" is accidentally running a "service" (really, a flaw) that the "client" can "logon" to (really, exploit). What does a worm do after it infects something? Read an address book, start an SMTP server, etc... that's not unlike "good" software.

Learn the principles of network programming and you'll essentially know how worms work. The rest is just about understanding a software flaw and how to exploit it, but that's really a small part of what a worm does.
 
Old 04-28-2004, 07:38 PM   #3
desmond33
LQ Newbie
 
Registered: Oct 2003
Distribution: Zen Walk 4.2, Slackware 11, Debian 3.1
Posts: 13

Original Poster
Rep: Reputation: 0
Actually, im interested in the self-propagation principles involved with this (the "slammer" worm seems interesting), and id like to run some similar programs on a private network. i was hoping to get a head start by stealing code instead of starting from scratch, but i just cant find the actual files anywhere.

Last edited by desmond33; 04-28-2004 at 07:42 PM.
 
Old 04-28-2004, 08:08 PM   #4
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Rep: Reputation: 30
It might be worth noting that lately the main technique used in windows relied on people's ignorance in opening attachments and the accessibility of the outlook express address book, and in some cases the accessibility of the registry. These vulnerabilities should be drying up a bit in the future
 
Old 04-28-2004, 10:45 PM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Well I can't think of a legitimate reason why you would need to know how to write a self-propagating worm. LQ makes it a practice not to assist in finding to malicious code and/or exploits, so you won't find assistence on creating worms here.

Really, if you know network programming, it's not that difficult to create a worm. The only tough part is having the "luck" to discover a flaw and understand how to exploit it. Of course, many worm writers just download Proof of Concept code as the basis for their exploit code, so the whole thing becomes pretty braindead.
 
Old 04-29-2004, 01:10 AM   #6
desmond33
LQ Newbie
 
Registered: Oct 2003
Distribution: Zen Walk 4.2, Slackware 11, Debian 3.1
Posts: 13

Original Poster
Rep: Reputation: 0
I realy dont have a practical security interest in this; I just found it interesting from an "artificial life" point of view. sorry if it's not in accordance with the forum policy.
 
Old 04-29-2004, 03:14 AM   #7
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Not a problem. I think the issue is that you just fundamentall misunderstand how simple worms are. They aren't "AI" at all, they're just very simple network programs that happen to cause damage instead of performing useful tasks. Actually, from the worm writer's point of view they do perform useful tasks (harvesting e-mail addresses, sending spam, etc) but they do so without permission of the host they infect.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ip_conntrack and worms arthurb Linux - Networking 6 12-18-2004 12:52 PM
Playing Worms Armageddon, in Linux cheater1034 Linux - Software 4 09-21-2004 10:52 AM
Viruses, Worms and Linux programmershous Linux - General 2 03-15-2004 09:33 AM
Interrupting worms How To? pazvant Linux - Security 3 10-19-2003 06:14 PM
With all the worms going around... seabass55 Linux - Networking 5 08-22-2003 04:51 PM


All times are GMT -5. The time now is 08:43 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration