Eric Chien Symantec Security Response
Péter Ször Symantec Security Response
Exploits, vulnerabilities, and buffer-overflow techniques have been used by malicious hackers and virus writers for a long time. However, until recently, these techniques were not commonplace in computer viruses. The CodeRed worm was a major shock to the anti-virus industry since it was the first worm that spread not as a file, but solely in memory, by exploiting a buffer overflow in Microsoft IIS. Many anti-virus companies were unable to provide protection against CodeRed, while other companies with a wider focus on security were able to provide solutions, to the relief of end users. Usually, new techniques are picked up and reused by copycat virus writers.
Thus, many other similarly successful worms followed CodeRed, such as Nimda and Badtrans.
In this paper, the authors will not only cover such techniques as buffer overflows and input validation exploits, but also how computer viruses are using them to their advantage.
Finally, the authors will discuss tools, techniques and methods to prevent these blended threats.