There are many different software vulnerabilities that, if exploited, can result in the software being completely taken over, data being stolen, or the prevention of the software from working at all (Martin, et al., 2011). In working to identify and describe one of those types of vulnerabilities and the famous attack that leveraged the exploit, it will be possible to better understand how such an attack could be minimized or prevented.
One of the most common forms of vulnerabilities is an issue with the code; if the code itself is poorly written, a malicious user will be able to create a code injection, resulting in the system reading “an attacker controlled file,” causing the system to “execute arbitrary code within the file” (Common Weakness Enumeration, n.d.). The Internet Worm, introduced in 1988, was one of the first to present in this manner (Spafford, 1988). The worm, designed to exploit “flaws in utility programs in systems based on BSD-derived versions of UNIX” caused issues with the program that it worked to infect while at the same time working to self-replicate and infect other computers with the same software (Spafford, 1988, p. 1).
Use your promo and get a custom paper on
"Common Software Vulnerabilities".
The appropriate use of a firewall and an antivirus program will work to ensure that the user does not get a worm, either on their computer or on the network, and by working to ensure that all software updates are installed as soon as they are available, it is possible to work to minimize the risk for worms on the computer (Microsoft, 2014). Though there are no surefire methods for preventing worms, by working to take the appropriate precautions, it is possible to ensure that the computer, and the network that it is on, have a better chance of remaining worm free for future use.
- Martin, B., Brown, M., Paller, A., Kirby, D., & Christey, S. (2011). CWE -2011 CWE/SANS Top 25 Most Dangerous Software Errors. Cwe.mitre.org. Retrieved 30 May 2014, from http://cwe.mitre.org/top25/
- Microsoft.com. (2014). Antivirus protection and how to avoid viruses. Retrieved 30 May 2014, from http://www.microsoft.com/security/pc-security/antivirus.aspx
- Nvd.nist.gov. (n.d.). Common Weakness Enumeration. Retrieved 30 May 2014, from http://nvd.nist.gov/cwe.cfm
- Spafford, E. (1988). The Internet worm program: An analysis. ACM SIGCOMM Computer Communication Review, 19(1), 17–57.