List and explain the anatomy of a worm attack and the four steps to mitigate it.

List and explain the anatomy of a worm attack and the four steps to mitigate it.

The anatomy of a worm attack is as follows:

• The enabling vulnerability: A worm installs itself by exploiting known vulnerabilities in systems, such as naive end users who open unverified executable e-mail attachments.
• Propagation mechanism: After gaining access to a host, a worm copies itself to that host and then selects new targets.
• Payload: After a host is infected with a worm, the attacker has access to the host, often as a privileged user. Attackers can use a local exploit to escalate their privilege level to administrator.

The following are the recommended steps for worm attack mitigation:

• Step 1, Containment: Contain the spread of the worm into your network and within your network. Compartmentalize uninfected parts of your network.
• Step 2, Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems.
• Step 3, Quarantine: Track down each infected machine in your network. Disconnect, remove, or block infected machines from the network.
• Step 4, Treatment: Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.

Exam with this question: EWAN v4 Chapter 4 Check Your Understanding: Network Security