Gabor Szappanos VirusBuster
The early email worms did not pay much attention to their target selection. They either picked all names from the address books, or any text similar to an email address from the web browser's cache. If they directly targeted other computers, then the IP address selection was completely random, resulting in a huge percentage of useless probes. Some new worms introduced more careful techniques trying to avoid unnecessary network probes. Overcoming the limitations of email address stores, they started generating possible email addresses themselves. The IP address selection also evolved, first concentrating more on the subnet of the infected computer, then using weighted selection of target subnets. Also, the Internet worms did not bother about the operating environment expect them on the targets. Some new worms already bring with themselves everything that is needed: if they use SMTP to spread, then include an SMTP server inside themselves; if they spread using infected web page, then install a simple web server on the target thus enabling the spread.
Mathematical modelling proves that the success of a worm depends on the initial seeding. Virus authors use various methods (bot networks, email seeding, Usenet) to start up their creations. The presentation will cover in detail these new techniques.
