<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
h3
        {mso-style-priority:9;
        mso-style-link:"Heading 3 Char";
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:13.5pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.Heading3Char
        {mso-style-name:"Heading 3 Char";
        mso-style-priority:9;
        mso-style-link:"Heading 3";
        font-family:"Times New Roman","serif";
        mso-fareast-language:EN-AU;
        font-weight:bold;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>Hi Friends ,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal> Just browsing through the 2012 VCAA exam and at first sight I am concerned about Section B question 1 regarding the features of a worm.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b><span style='font-family:"Times New Roman","serif"'>1 a. </span></b><span style='font-family:"Times New Roman","serif"'>What feature must malware contain to be called a worm?</span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The 2012 VCAA examiner’s report in Section B 1(a) states that:<o:p></o:p></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Times New Roman","serif"'>Acceptable responses included a reference to a worm being <u>self-replicating (i.e. creating a copy without the need for<o:p></o:p></u></span></p><p class=MsoNormal style='text-autospace:none'><u><span style='font-size:10.0pt;font-family:"Times New Roman","serif"'>human intervention).<o:p></o:p></span></u></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Times New Roman","serif"'>For example:<o:p></o:p></span></p><p class=MsoNormal><i><span style='font-size:9.0pt;font-family:"Times New Roman","serif"'>It <u>must</u> replicate itself and spread over a network <u>without user intervention.</u><o:p></o:p></span></i></p><p class=MsoNormal><i><span style='font-size:9.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></i></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Times New Roman","serif"'>This is not correct. The self-replication is does not hinge on the absence of human intervention which appears to be the interpretation the examiners are using.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Times New Roman","serif"'>See the US governments paper on worms - <a href="http://www.nsa.gov/ia/_files/support/WORMPAPER.pdf">http://www.nsa.gov/ia/_files/support/WORMPAPER.pdf</a> ( well worth a detailed read )<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-size:12.0pt;font-family:"Arial","sans-serif"'>4.4.1.1 Types of Infection Vectors<o:p></o:p></span></b></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Worms rely on two general methods to infect a host. Either they exploit a flaw in software<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>running on a system, or they are the result of some <u>action taken by a user</u>. After studying details<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>from our set of worms, we have been able to identify four distinct categories of infection vectors.<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>They are:<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:12.0pt;font-family:Symbol'>· </span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>An exploitable portion of network aware code<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:12.0pt;font-family:Symbol'>· </span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>A vulnerable configuration of a network aware component<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:12.0pt;font-family:Symbol'>· </span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>A user's action<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:Symbol'>· </span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>An existing system backdoor<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>The <u>majority of the worms in our sample</u> set infected machines as a result of a <u>user directly executing the worm</u> (i.e. by clicking on it).<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Firewalls alone cannot address this infection mechanism since they cannot block all means by which files enter systems. It is unrealistic to assume that users will become cautious about<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>running unknown files.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><p class=MsoNormal>Also, see <a href="http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html#3">http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html#3</a> <o:p></o:p></p><h3><span style='font-family:"Arial","sans-serif"'>Worms<o:p></o:p></span></h3><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'>Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit a vulnerability on the target system or use some kind of <a href="http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29">social engineering</a> to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'>So, both explanations show a worm <u>can</u> attack as a result of human action and further reading shows some worms do their work as a result of human action.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'>There were 4 marks here and I hope students did not lose 2 or 3 marks here based on an erroneous understanding of what “self-replicate” means.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Arial","sans-serif"'>Kind Regards</span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='mso-fareast-language:EN-AU'>Kevork Krozian<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-AU'>Edulists Creator Administrator<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-AU'>www.edulists.com.au<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-AU'>tel: 0419 356 034<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>