Decoding And Understanding Internet Worms presented at Blackhat Europe 2001

by Ryan Permeh, Dale Coddington

Tags: Security Exploitation Reverse Engineering Analysis Malware

Summary: In the past months Internet worms have grown in popularity with the advent of Code Red, Code Red II, and Nimda. It is becoming increasingly important for both system administrators and security professionals alike to understand the ways worms proliferate and also ways to mitigate the spread of worms. Through lecture and hands-on laboratory exercises, this course will take a look at worms "under the hood". This course will take the student through a historical overview of past worms and an actual analysis of a recent worm. Due to the technical nature of this course, it is recommended that participants are familiar with using a disassembler. In order to participate in the hands-on segments of the course, students are encouraged to bring a Windows 2000 laptop loaded with their disassembler of choice. Instructors will be using IDA Pro v4.17.
Dale Coddington is a Systems Security Engineer with eEye Digital Security, a computer security products and consulting company located in sunny Southern California. In the past Dale has conducted training courses at several NASA Centers, State of Washington, Naval Justice Center, privately owned companies in the U.S. and abroad, and the U.S. Department of Justice. In 1999 Dale was appointed one of two technical consultants by the Defense Team of Kevin Mitnick.
Ryan Permeh is a Developer and Researcher with eEye Digital Security. He works on the Retina and SecureIIS product lines and leads Disassembly and Custom exploitation efforts for eEye's research Team. He has experience in NT systems and application programming as well as large-scale secure network deployment and maintenance.