You are here: silicon.com > Resources > White Papers > Security > Intrusion - Tampering > Anti-Virus

Anti-Virus White Papers

An OS Independent Heuristics-Based Worm-Containment System

Overview This paper presents an operating system independent and tamper-resistant worm-containment end-system. This system continuously observes outgoing network traffic over a finite-duration traffic window, and using heuristic rules executing in a secondary environment, detects infections. It automatically quarantines the infected host to stop further spread of the worm. The paper presents four heuristic rules, and using network traffic traces collected from an enterprise network demonstrate that a port/protocol-tuned version of the heuristic provides lowest false-positives rate for different settings. Using simulations, the paper further evaluates the effectiveness of this heuristic in containing the spread of a worm in a medium-sized network.

Further White Paper Details
Publisher	Intel	File Format	PDF
Date Published	August 2005
Format	White Papers
Topics	Anti-Virus, Network Security, Security Applications

Did you find this white paper useful? 1 out of 4 users found this white paper useful

Sophos Email Security and Control - Free 30 Day Trial

Publisher:
Sophos

Sophos Security Threat Report: Mid-Year Update

Publisher:
Sophos

Sophos Web Security and Control - Free 30 Day Trial

Publisher:
Sophos

Symantec Endpoint Protection 11.0 - Benefits of Upgrading

Publisher:
Symantec

Symantec Endpoint Security Bundles: New and Improved Symantec Multi-Tier Protection and Symantec Multi-Tier Protection Small Business Edition

Publisher:
Symantec

Slammer time - SQL worm brings net to its knees over weekend

A worm that attacks Microsoft's database software spread through the internet over the weekend, causing cash machines to stop issuing money, taking most of South Korea offline, and generally slowing down the internet.

Channel:
Security Strategy

Windows worm now spreading

Six months earlier, a researcher had released code that exploited the major Microsoft SQL vulnerability used by the worm to spread. It will also add a registry key to ensure that the worm is restarted when the host computer is rebooted.

Sasser worm infects a million computer systems

Like astronomers looking at a small portion of the universe to learn about the whole, security researchers have used the Sasser worm's impact on their local networks to extrapolate how far the worm has spread throughout the internet.

Channel:
Security Strategy

'Dangerous' Sasser variants already on the loose

Symantec's Huger said the amount of data that addresses port 445 makes it difficult to differentiate worm traffic from other, legitimate traffic. The worm spreads by scanning different ranges of internet addresses using a specific application data...

Channel:
Security Strategy

Latest Sasser variant encourages users to patch

The security company first captured a copy of the worm at 1 am on Sunday but Friedrichs said the spread of the infection is moving slow enough to indicate that the worm could have been released earlier in the week.

Channel:
Security Strategy

Zotob worm fails to wreak havoc

When a target system is found by Zotob, it installs a shell program on the computer that downloads the actual worm code, named Haha.exe, using FTP (File Transfer Protocol). A new worm that was unleashed over the weekend affects only a limited group...

Channel:
Malware
Tags:
zotob,
windows 2000,
virus,
worm

Live Webcast: Telecoms 2.0 - Where is telecoms heading?

In this webcast, our panel of experts will review where we are with next generation telecoms in the UK, working through the concept of 'Telecoms 2.0': - Realising the potential of Next Generation Networks - why it isn't just about the technology? - What attributes should firms be looking for in their telco partner? - Is the relationship between telco provider and customer changing? - What things need to happen to make next generation services a reality? - You say you want the supplier to change. Do you want to change too? - What is Telecoms 2.0?

Publisher:
ZDNet UK

Telecom 2.0: Mind over matter

ntl:Telewest Business believes that the role of the telco is evolving. Gone are the days when it was enough to simply focus on circuits and minutes, customers now need a far higher degree of interaction and look for suppliers who will talk business solutions with them.

Publisher:
ntl:Telewest Business

IBM Information Server Change Data Capture

In today's fast-paced world, access to real-time data has never been more important. To be successful, organizations need to be able to report and analyze corporate data quickly and easily, regardless of what applications created the data, what platform they're running on, or what database they're stored in.

Publisher:
IBM

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview of server consolidation concepts and techniques and provides guidance on methodologies. It also looks at the potential cost savings associated with server consolidation and offers information on how organizations can sustain the advantage they have gained by consolidating their servers.

Publisher:
IBM

Also on silicon.com

Site Navigation:

Anti-Virus White Papers

An OS Independent Heuristics-Based Worm-Containment System

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific