Computing Reviews
Defense and detection strategies against Internet worms
Nazario J., Artech House, Inc., Norwood, MA, 2003. Type: Book (9781580535373)
Date Reviewed: Sep 23 2004

Internet worms are a typical example of invasive software. They are different from viruses, cause significant damage to computer networks, and have the ability to disrupt millions of computers all over the world, in a very short time span.

This book is meant for a professional audience, including security experts and academics. It could be used for a course related to computer security or invasive software.

The book contains 16 chapters. Chapter 1 introduces the topic of Internet worms. It discusses the costs incurred because of the damage caused by the worms, the objectives of the worm creators, and the cycle of worm releases. Chapter 2 attempts to define worms, and tries to distinguish between viruses and worms. The worm is visualized as being composed of five components. Ways in which worms find new victims and attack them are described. An analysis of the Ramen worm is performed, by way of example.

Chapter 3 is concerned with worm traffic patterns. Predictions about the traffic patterns that could result from the introduction of worms into networks are compared with the actual patterns observed after the intrusion of the worms. Disturbances due to worms that could affect the Internet backbone are also discussed. Chapter 4 looks at worms from a historical perspective and attempts to come up with a taxonomy. Several worms are introduced, including the Morris, HI.COM VMS, DECNet WANK, Cheese, Adore, Melissa, Nimda, and Sapphire worms. These worms are classified as targeting either Unix or Windows systems.

Chapter 5 looks at how worms may be constructed with specific targets in mind, and with specific programming languages. Chapter 6 is concerned with the patterns of infection that result from the spread of worms. Chapter 7 discusses the targets of attack, such as Windows/Unix servers, broadband users, intranet systems, routers, and embedded devices. Chapter 8 speculates on the capabilities of worms in the future. The author points out some signs of future worms. Those interested in defending against worms are urged to come up with a plan for action.

Chapter 9 is concerned with traffic analysis. It discusses the role of simulations, growth in the volume of traffic (for instance, an increase in the number of hits on a server), a rise in the number of scans and sweeps, and changes in the traffic patterns of some hosts. The benefits and drawbacks of traffic analysis are elucidated, and tools for traffic analysis are discussed. Chapter 10 addresses honeypots and dark network monitors. The risks of using honeypots are highlighted, along with techniques for deploying them. The strengths and weaknesses of monitoring honeypots and dark network monitors are described.

Chapter 11 is concerned with techniques for detecting worms by employing signatures. The Slapper worm is analyzed as an illustrative example. The benefits and drawbacks of signature-based methods are also discussed. Chapter 12 discusses host-based defensive mechanisms. Restricting privileges, sandboxing, dispensing with unnecessary network services and features, and patching are described to illustrate strategies for defense.

Chapter 13 addresses firewall and network defenses. Perimeter firewalls and subnet firewalls, and their advantages and disadvantages, are discussed. Chapter 14 is concerned with proxy-based defenses and their strengths and weaknesses. Chapter 15 looks at ways of attacking a worm network. Chapter 16 is the concluding chapter; the threats due to existing worms and future worms are illustrated.

This book is worth reading because it focuses entirely on Internet worms. There is much to be learned from the disruption caused by various worms, in order to safeguard computer networks against the ill effects of invasive software. The author provides many references to the literature for the interested reader.

Reviewer: S. V. Nagaraj. Review #: CR130174 (0505-0548)
Categories: Invasive Software (D.4.6); Invasive Software (K.6.5)