[Year 12 SofDev] 2012 exam - definition of worm(s)

Kevork Krozian kevork at edulists.com.au
Thu Oct 10 23:22:41 EST 2013


Hi Friends,

Just browsing through the 2012 VCAA exam and at first sight I am concerned
about Section B question 1 regarding the features of a worm.

 

1 a. What feature must malware contain to be called a worm?

 

The 2012 VCAA examiner's report in Section B 1(a) states that:

 

Acceptable responses included a reference to a worm being self-replicating
(i.e. creating a copy without the need for human intervention).

For example:

It must replicate itself and spread over a network without user
intervention.

 

This is not correct. The self-replication does not hinge on the absence
of human intervention, which appears to be the interpretation the examiners
are using.

See the US government's paper on worms -
http://www.nsa.gov/ia/_files/support/WORMPAPER.pdf (well worth a
detailed read)

4.4.1.1 Types of Infection Vectors

Worms rely on two general methods to infect a host. Either they exploit a
flaw in software running on a system, or they are the result of some action
taken by a user. After studying details from our set of worms, we have been
able to identify four distinct categories of infection vectors.

They are:

*  An exploitable portion of network aware code
*  A vulnerable configuration of a network aware component
*  A user's action
*  An existing system backdoor

The majority of the worms in our sample set infected machines as a result of
a user directly executing the worm (i.e. by clicking on it).

Firewalls alone cannot address this infection mechanism since they cannot
block all means by which files enter systems. It is unrealistic to assume
that users will become cautious about running unknown files.

 

 

Also, see
http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html#3

Worms

Computer worms are similar to viruses in that they replicate functional
copies of themselves and can cause the same type of damage. In contrast to
viruses, which require the spreading of an infected host file, worms are
standalone software and do not require a host program or human help to
propagate. To spread, worms either exploit a vulnerability on the target
system or use some kind of social engineering
<http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29>
to trick users into executing them. A worm enters a computer through a
vulnerability in the system and takes advantage of file-transport or
information-transport features on the system, allowing it to travel unaided.

 

So, both explanations show a worm can attack as a result of human action and
further reading shows some worms do their work as a result of human action.

 

There were 4 marks here and I hope students did not lose 2 or 3 marks here
based on an erroneous understanding of what "self-replicate" means.

 

Kind Regards

 

Kevork Krozian

Edulists Creator Administrator

www.edulists.com.au

tel: 0419 356 034

 
