Blended attacks: exploits, vulnerabilities and buffer overflow techniques in computer viruses, presented at Virus Bulletin 2002

by Eric Chien (Symantec Security Response)


Summary: Exploits, vulnerabilities, and buffer-overflow techniques have been
used by malicious hackers and virus writers for a long time. However,
until recently, these techniques were not commonplace in computer
viruses. The CodeRed worm was a major shock to the anti-virus industry
since it was the first worm that spread not as a file, but solely in
memory, by exploiting a buffer overflow in Microsoft IIS. Many
anti-virus companies were unable to provide protection against
CodeRed, while other companies with a wider focus on security were
able to provide solutions, to the relief of end users.

Usually new techniques are picked up and used by copycat virus
Thus, many other similarly successful worms followed CodeRed, such as
Nimda and Badtrans.

In this paper, the authors will not only cover such techniques as
buffer overflows and input validation exploits, but also how computer
viruses are using them to their advantage.
Finally, the authors will discuss tools, techniques and methods to
prevent these blended threats.