How Worms Spread

[Traitor4000]

So I have become really interested in Malware Analysis and I have dedicated a lot of my time to learning more about this subject. I have been writing a pretty complex virus because I feel like someone who cant write these types of viruses have no business analyzing them. Anyways... I want to elevate the complexity of the project by creating a worm. I have tried to look into how these worms spread across a network. The most specific answer I have found is "they use vulnerabilities" ... Well no shit! So does anybody have a link or some specifics on how worms spread from computer to computer without user interaction?

[iTpHo3NiX]

https://www.securelist.com/en/threats/detect/viruses-and-worms?behavior=9

[Traitor4000]

Found this one for a good overview after digging: https://www.f-secure.com/en/web/labs_global/articles/about_worms

[d4rkcat]

http://namb.la/popular/

This is a pretty funny explanation about the Sammy worm (he's my hero)

[Kulverstukas]

Most worms spread by exploiting the user. Tricking them into running the program.
Some scan the local LAN and copy themselves to open folders, some spread through USB hiding files and creating shortcuts to the files that first run a worm and then open a file.

[Traitor4000]

Most worms spread by exploiting the user. Tricking them into running the program.
Some scan the local LAN and copy themselves to open folders, some spread through USB hiding files and creating shortcuts to the files that first run a worm and then open a file.

Yeah i know about about spreading via emails etc. Im trying to write one that uses an exploit to download itself on to the computer without any user interaction.

[iTpHo3NiX]

Yeah i know about about spreading via emails etc. Im trying to write one that uses an exploit to download itself on to the computer without any user interaction.

Java driveby maybe? You'll have to look for our build an exploit to have your thing ran. Maybe a dropper binded with an actual program. Or a fake program that "hacks boyfriends/girlfriends Facebook" is always a highly downloaded app, then it's just a matter of spreading it. Upload it on 4 shared and tpb, it will spread

[pivot3r]

From my understanding, self propagating worms generally work in the following way:

Let's assume an exploitable vulnerability is found in MegaFTP.  This allows for code execution on the box with MegaFTP installed.  Instance 1 of MegaFTP is compromised.  It will call back and download a copy of the worm.  The worm will then scan other devices looking for MegaFTP.  Probably with a port scan or the data in a TCP/UDP reply. something like

Code: [Select]

---Welcome to MegaFTP version 1.0.4---
From there the cycle continues.  Now, this is all my understanding, which could be completely wrong, I'm definitely not a malware expert.

[proxx]

So I have become really interested in Malware Analysis and I have dedicated a lot of my time to learning more about this subject. I have been writing a pretty complex virus because I feel like someone who cant write these types of viruses have no business analyzing them. Anyways... I want to elevate the complexity of the project by creating a worm. I have tried to look into how these worms spread across a network. The most specific answer I have found is "they use vulnerabilities" ... Well no shit! So does anybody have a link or some specifics on how worms spread from computer to computer without user interaction?

A very common spreading method is bruteforcel.
One of the most famous SSH worm back in the days did this, scary effective.
RPD gets bruteforced daily, pretty sure those come from worms.
Some address that was atacking our systems lately had the same port open which made my draw my conclusion, in fact all of them had.

[Deque]

You will find some answers in this book: http://rogunix.com/docs/Malware/The%20Art%20of%20Computer%20Virus%20Research%20and%20Defense.pdf

[Traitor4000]

Thanks a lot for all the help you guys pointed me in the right direction. Oh and deque that book is really interesting it is currently at the top of my reading list  .