|
Computer Worms are destructive, self-contained programs that replicate from
machine to machine across network connections often clogging networks and
information systems as they spread.Their ability to spread quickly across
the Internet has made worms the weapon of choice for hackers and vandals.
Unlike viruses, worms do not depend on other carrier applications or software
hosts to multiply. A server-based worm is a new type of worm
that specifically attacks the web server and all its web applications. These
applications can include the OS, databases, or code sitting on your
application server from either 3rd party or in house developed software.
A server-based worm self-replicates malicious code that can contaminate
a large number of servers within minutes and get to the most vulnerable
servers within a few hours. Upon gaining a new �base for operation�, the
worm will cause a large amount of damage to the infected web site
by corrupting/deleting files, exposing sensitive information, and ultimately
creating a back door that any malicious hacker can use later to gain
complete control of the system. Once a site is penetrated it is used
for performing further attacks on other web sites.
In 2001, several major server-based worms were launched doing considerable
damage to web servers and the applications that reside on and behind them.
Within 24 hours of Nimda hitting, 50% of the infected hosts went offline. At
its peak, Code Red was infecting more than 2000 hosts a minute and is estimated
to have caused over $2.6 billion dollars in damage. Given the lack of time
and skills available to manually audit and patch these vulnerable sites, automatic
protection is required to protect against the next worm attack.
|
|
The Facts
Since August 1, Sanctum's own web site has been attacked by Code Red over
2,300 times and rejected.
Since September 18, Sanctum's site has seen over 23,500 entries in the AppShield
log attributed to attacks by Nimda and rejected. AppShield was rejecting
7,500 NIMDA worms a day!
Sanctum, and our AppShield customers saw:
- NO corrupted files
- NO downtime
- NO fear of a hacker walking in behind the attack and maliciously hacking the applications
- NO sleepless nights for our Webmaster
AppShield is your WORMshield! Why? The answer is quite simple because AppShield is:
- Worm independent
- One time fix — now and forever
- Eliminating ongoing maintenance and modifications
- Providing great forensics to give you the assurance that your site is worm free
- Proactive and preventative — you can stay productive!
|
|
AppScan
Sanctum�s AppScan is the only vulnerability assessment tool that uses
its policy recognition engine to identify holes, previously unknown, within
the application. This identification is crucial in finding the hole before
the worm strikes. Since the worms are injected through the use of known
Web server vulnerabilities, Sanctum�s AppScan will scan for those
vulnerabilities and provide the detailed application risk assessment required
to alert the users to any potential exposures in their applications with a
link to the patch or coding technique required to avoid further destruction.
This will allow users to fix the vulnerabilities before the next worm hits.
|