detection of worm
DESCRIPTION
about wormsTRANSCRIPT
Modeling and Detection of Camouflaging Worm
ABSTRACT:
Active worm’s causes major security threats to the Internet. This is
due to the ability of active worms to propagate in an automated fashion
as they continuously compromise computers on the Internet. Active
worms evolve during their propagation and thus pose great challenges to
defend against them. Here we investigate a new class of active worms,
referred to as Camouflaging Worm (C-Worm in short). The C-Worm is
different from traditional worms because of its ability to intelligently
manipulate its scan traffic volume over time. Thereby, the C-Worm
camouflages its propagation from existing worm detection systems
based on analyzing the propagation traffic generated by worms.
To design a novel spectrum-based scheme to detect the C-Worm.
Our scheme uses the Power Spectral Density (PSD) distribution of the
scan traffic volume and its corresponding Spectral Flatness Measure
(SFM) to distinguish the C-Worm traffic from background traffic.
1. PROJECT INTRODUCTION
INTRODUCTION:
An active worm refers to a malicious software program that propagates
itself on the Internet to infect other computers. The propagation of the
worm is based on exploiting vulnerabilities of computers on the Internet.
Many real-world worms have caused notable damage on the Internet.
These worms include “Code-Red” worm in 2001 , “Slammer” worm in
2003 ,and “Witty”/“Sasser” worms in 2004 . Many active worms are
used to infect a large number of computers and recruit them as bots or
zombies, which are networked together to form botnets These botnets
can be used to: (a) launch massive Distributed Denial-of-Service (DDoS)
attacks that disrupt the Internet utilities , (b) access confidential
information that can be misused , through large scale traffic sniffing, key
logging, identity theft etc, (c) destroy data that has a high monetary
value , and (d) distribute large-scale unsolicited advertisement emails (as
spam) or software (as malware).There is evidence showing that infected
computers are being rented out as “Botnets” for creating an entire black-
market industry for renting, trading, and managing “owned”
computers,leading to economic incentives for attackers . Researchers
also showed possibility of “super-botnets,” networks of independent
botnets that can be coordinated for attacks of unprecedented scale .For
an adversary, super botnets would also be extremely versatile and
resistant to counter measures. Due to the substantial damage caused by
worms in the past years, there have been significant efforts on
developing detection and defense mechanisms against worms. A
network based worm detection system plays a major role by monitoring,
collecting, and analyzing the scan traffic (messages to identify
vulnerable computers) generated during worm attacks. In this system,
the detection is commonly based on the self propagating behavior of
worms that can be described as follows: after a worm-infected computer
identifies and infects a vulnerable computer on the Internet, this newly
infected computer1 will automatically and continuously scan several IP
addresses to identify and infect other vulnerable computers. As such,
numerous existing detection schemes are based on a tacit assumption
that each worm-infected computer keeps scanning the Internet and
propagates itself at the highest possible speed. Furthermore, it has been
shown that the worm scan traffic volume and the number of worm-
infected computers exhibit exponentially increasing patterns .
2. LITERATURE SURVEY:
Worm:
A computer worm is a self-replicating malware computer program.
It uses a computer network to send copies of itself to other nodes
(computers on the network) and it may do so without any user
intervention. This is due to security shortcomings on the target
computer. Unlike a virus, it does not need to attach itself to an existing
program. Worms almost always cause at least some harm to the network,
if only by consuming bandwidth, whereas viruses almost always corrupt
or modify files on a targeted computer. Many worms that have been
created are only designed to spread, and don't attempt to alter the
systems they pass through. However, as the Morris worm and Mydoom
showed, the network traffic and other unintended effects can often cause
major disruption. A "payload" is code designed to do more than spread
the worm–it might delete files on a host system (e.g., the ExploreZip
worm), encrypt files in a cryptoviral extortion attack, or send documents
via e-mail. A very common payload for worms is to install a backdoor in
the infected computer to allow the creation of a "zombie" computer
under control of the worm author. Networks of such machines are often
referred to as botnets and are very commonly used by spam senders for
sending junk email or to cloak their website's address. Spammers are
therefore thought to be a source of funding for the creation of such
worms,[2][3] and the worm writers have been caught selling lists of IP
addresses of infected machines. Others try to blackmail companies with
threatened DoS attacks.
Backdoors can be exploited by other malware, including worms.
Examples include Doomjuice, which spreads better using the backdoor
opened by Mydoom, and at least one instance of malware taking
advantage of the rootkit and backdoor installed by the Sony/BMG DRM
software utilized by millions of music CDs prior to late 2005.
Camouflage:
Which is a method of crypsis—avoidance of observation—that
allows an otherwise visible organism or object to remain indiscernible
from the surrounding environment through deception. Examples include
a tiger's stripes, the battledress of a modern soldier and a butterfly
camouflaging itself as a leaf. The theory of camouflage covers the
various strategies which are used to achieve this effect Cryptic
coloration is the most common form of camouflage, found to some
extent in the majority of species. The simplest way is for an animal to be
of a color similar to its surroundings. Examples include the "earth tones"
of deer, squirrels, or moles (to match trees or dirt), or the combination of
blue skin and white underbelly of sharks via countershading (which
makes them difficult to detect from both above and below). More
complex patterns can be seen in animals such as flounder, moths, and
frogs, among many others.
Anomaly Detection:
Anomaly detection, also referred to as outlier detection[1] refers to
detecting patterns in a given data set that do not conform to an
established normal behavior.[2] The patterns thus detected are called
anomalies and often translate to critical and actionable information in
several application domains. Anomalies are also referred to as outliers,
surprise, aberrant, deviation, peculiarity, etc.
Three broad categories of anomaly detection techniques exist.
Supervised anomaly detection techniques learn a classifier using labeled
instances belonging to normal and anomaly class, and then assign a
normal or anomalous label to a test instance. Semi-supervised anomaly
detection techniques construct a model representing normal behavior
from a given normal training data set, and then test the likelihood of a
test instance to be generated by the learnt model. Unsupervised anomaly
detection techniques detect anomalies in an unlabeled test data set under
the assumption that majority of the instances in the data set are normal.
Anomaly detection is applicable in a variety of domains, such as
intrusion detection, fraud detection, fault detection, system health
monitoring, event detection in sensor networks, and detecting eco-
system disturbances. It is often used in preprocessing to remove
anomalous data from the dataset.
3. SYSTEM ANALYSIS
3.1 EXISTING SYSTEM
The C-Worm is quite different from traditional worms in which it
camouflages any noticeable trends in the number of infected computers
over time. The camouflage is achieved by manipulating the scan traffic
volume of worm-infected computers. Such a manipulation of the scan
traffic volume prevents exhibition of any exponentially increasing trends
or even crossing of thresholds that are tracked by existing detection
schemes.
3.2 DRAWBACKS IN EXISTING SYSTEM:
C-Worm scan traffic shows no noticeable trends in the time
domain, it demonstrates a distinct pattern in the frequency domain.
Specifically, there is an obvious concentration within a narrow range of
frequencies. This concentration within a narrow range of frequencies is
inevitable since the C-Worm adapts to the dynamics of the Internet in a
recurring manner for manipulating and controlling its overall scan traffic
volume.
3.3 PROPOSED SYSTEM:
We adopt frequency domain analysis techniques and develop a detection
scheme against Wide-spreading of the C-Worm. Particularly, we
develop a novel spectrum-based detection scheme that uses the Power
Spectral Density (PSD) distribution of scan traffic volume in the
frequency domain and its corresponding Spectral Flatness Measure
(SFM) to distinguish the C-Worm traffic from non worm traffic
(background traffic).
3.4 ADVANTAGES IN PROPOSED SYSTEM:
Our evaluation data clearly demonstrate that our spectrum-based
detection scheme achieves much better detection performance against
Centralized data center
Monitor 1 Monitor 3
User 1 User 2 User 4 User 5
Monitor 2
User 3
the C-Worm propagation compared with existing detection schemes.
Our evaluation also shows that our spectrum-based detection scheme is
general enough to be used for effective detection of traditional worms as
well.
4. SYSTEM DESIGN4.1 SYSTEM ARCHITECTURE:
Send to selected userBrowse fileIp and port
Send worm to trigger
Executable file
Ip and port
Holding monitors
Holding users
Centralized data center
Monitor
Worm
Collect user address
Gather worm files
Send worm to all users
User1 User2 User3Normal user
Collect user address Select message and user Send message to user
Data flow Diagram:
Module:
Centralized Data Center
Monitoring
User
Report Preparation
Report Distribution
Module Description:
Centralized Data Center:
It will collect all the traffic logs from various network monitors for identifying the worms by their IP address. Here the server uses a server socket object with a specified port no and an accept method to accept the clients or monitors to establish a connection
Monitoring:
It will monitor the authorized clients for their transaction and it will identify the traffic log (IP address which are not commonly used and dark IP address).
User:
In this module user can login to the centralized server for authentication, once the client is treated as authorized then it can share data with the neighbors in the network. It does this operation using a socket programming , where a socket object is created and server ip address and port no is provided as a parameter to the socket object to establish a connection with the server(java.net package is used).
Client 1
Client n
Monitor
Report Preparation:
The purpose of this module is to identify the actual worm by its ratio not by scan traffic time in order to detect the active worm and the normal worm.
Report Distribution:
The centralized data center has to distribute the report logs (dark IP address) to all the users in the network. So the users can be prevented from accessing the worm and spreading of worm in their system.
User:
Monitoring:
……. …………..
Client
Data Center
Server
Client 1
Client 1
Monitor 1Server
Client 1
Client 1
Client 1
Client 1
Monitor 1
Monitor n
Server
Client 1
Client n
Client 1
Client n
Monitor 1
Monitor n
Server
Centralized Data Center:
……….. ……….
Report Preparation:
….
……
Report Distribution
……
Use Case Diagram:
Centralized data center
User
Monitor
UserLogin
Monitoring
DataCollection
Detection
Distribution
Class Diagram:
DataCenter
userDetailsmonitorDetailsauthenticationdataCollection
getUserDetails()acceptUsers()provideAuthentication()getDataCollection()
ClientMonitor
monitorDetailsipAddressportNumberauthentication
getAuthentication()getMonitorDetails()forwardToDataCenter()
User Login
userDetailsipAddressportNumber
getUserDetails()getConnection()dataTransfer()
DataDistribution
dataDistributionipAddress
collectIP()dataDistribution()
WormDetection
userIPmonitorIPfindRatioreport
getUserIP()getMonitorIP()getWormRatio()prepareReport()
Sequence Diagram:
DataCenter Monitor LogCollection LogDistribution Client
Login
Monitoring
TrafficLog
DetectWorm
PrepareReport
Distribution
Collaboration Diagram:
Monitor
DataCenter
LogCollection
LogDistribution
Client
1: Login
2: Monitoring
3: TrafficLog4: DetectWorm
5: PrepareReport
6: Distribution
Activity Diagram:
Start
DataCenter
Monitor
User
End
SYSTEM REQUIREMENTS
HARDWARE
PROCESSOR : PENTIUM IV 2.6 GHz, Intel Core 2
Duo.
RAM : 512 MB DD RAM
MONITOR : 15” COLOR
HARD DISK : 40 GB
CDDRIVE : LG 52X
SOFTWARE
Front End : JAVA (SWINGS)
Back End : MS SQL 2000/05
Operating System : Windows XP/07
IDE : Net Beans, Eclipse
CODINGS:
Server.java:
package centralizedserver;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.ServerSocket;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.swing.JOptionPane;
import javax.swing.tree.DefaultMutableTreeNode;
import javax.swing.tree.DefaultTreeModel;
import javax.swing.tree.TreeSelectionModel;
public class CentralizedServer extends javax.swing.JFrame implements Runnable {
Thread t;
String tempPort;
int port;
Socket s, checkSocket;
ServerSocket ss;
Iterator i;
DefaultMutableTreeNode addUser, d;
InputStream is;
InputStreamReader isr;
BufferedReader br;
static ArrayList allUser = new ArrayList();
public CentralizedServer() {
initComponents();
}
public void run() {
while (true) {
try {
soc = server.accept();
String address=soc.getInetAddress().getHostAddress();
monitor=new DefaultMutableTreeNode(address);
root.add(monitor);
jTree1.setModel(new DefaultTreeModel(root));
ObjectInputStream ois = new ObjectInputStream(soc.getInputStream());
ArrayList al = (ArrayList) ois.readObject();
String key = (String) al.get(0);
if (key.equals("update")) {
TreeMap tm = (TreeMap) al.get(1);
map=tm;
System.out.println(tm);
update(tm);
}
if(key.equals("report")){
String WIP=(String)al.get(1);
Set set=map.entrySet();
Iterator it=set.iterator();
while(it.hasNext()){
Map.Entry me=(Map.Entry)it.next();
Integer I=(Integer)me.getKey();
String addr=(String)me.getValue();
try{
Socket socket=new Socket(addr,I.intValue());
ArrayList clientInfo=new ArrayList();
clientInfo.add("report");
clientInfo.add(WIP +"has send worm file... Please dont Access");
ObjectOutputStream oos=new ObjectOutputStream(socket.getOutputStream());
oos.writeObject(clientInfo);
}
catch(IOException e){
e.printStackTrace();
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
jPanel1 = new javax.swing.JPanel();
jPanel2 = new javax.swing.JPanel();
jScrollPane1 = new javax.swing.JScrollPane();
jTree1 = new javax.swing.JTree();
jButton1 = new javax.swing.JButton();
jLabel1 = new javax.swing.JLabel();
setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
setTitle("Server");
setBounds(new java.awt.Rectangle(50, 50, 200, 200));
jPanel1.setBackground(new java.awt.Color(255, 255, 204));
jPanel1.setBorder(javax.swing.BorderFactory.createMatteBorder(2, 2, 2, 2, new java.awt.Color(0, 204, 0)));
jPanel1.setLayout(null);
javax.swing.tree.DefaultMutableTreeNode treeNode1 = new javax.swing.tree.DefaultMutableTreeNode("root");
jTree1.setModel(new javax.swing.tree.DefaultTreeModel(treeNode1));
jScrollPane1.setViewportView(jTree1);
javax.swing.GroupLayout jPanel2Layout = new javax.swing.GroupLayout(jPanel2);
jPanel2.setLayout(jPanel2Layout);
jPanel2Layout.setHorizontalGroup(
jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jScrollPane1, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, 320, Short.MAX_VALUE)
);
jPanel2Layout.setVerticalGroup(
jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jScrollPane1, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, 390, Short.MAX_VALUE)
);
jPanel1.add(jPanel2);
jPanel2.setBounds(150, 60, 320, 390);
jButton1.setText("send report");
jButton1.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton1ActionPerformed(evt);
}
});
jPanel1.add(jButton1);
jButton1.setBounds(590, 200, 110, 40);
jLabel1.setFont(new java.awt.Font("Baskerville Old Face", 1, 18));
jLabel1.setForeground(new java.awt.Color(255, 0, 51));
jLabel1.setText("SERVER");
jPanel1.add(jLabel1);
jLabel1.setBounds(340, 10, 90, 30);
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane());
getContentPane().setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, 850, Short.MAX_VALUE)
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, 550, Short.MAX_VALUE)
);
pack();
}// </editor-fold>//GEN-END:initComponents
private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton1ActionPerformed
TreeSelectionModel t = jTree1.getSelectionModel();
}//GEN-LAST:event_jButton1ActionPerformed
public static void main(String args[]) {
java.awt.EventQueue.invokeLater(new Runnable() {
public void run() {
CentralizedServer cs = new CentralizedServer();
cs.setSize(850, 550);
cs.setVisible(true);
cs.getInput();
cs.connection();
}
});
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton jButton1;
private javax.swing.JLabel jLabel1;
private javax.swing.JPanel jPanel1;
private javax.swing.JPanel jPanel2;
private javax.swing.JScrollPane jScrollPane1;
public javax.swing.JTree jTree1;
// End of variables declaration//GEN-END:variables
ServerSocket server;
Socket soc;
int serverPort;
Thread thread;
DefaultMutableTreeNode root;
DefaultMutableTreeNode monitor;
TreeMap map;
public void connection() {
try {
server = new ServerSocket(serverPort);
System.out.println("Server is running");
InetAddress IA=InetAddress.getLocalHost();
root = new DefaultMutableTreeNode(IA.getHostAddress()+ "@" + serverPort);
jTree1.setModel(new DefaultTreeModel(root));
thread = new Thread(this);
thread.start();
} catch (IOException e) {
e.printStackTrace();
}
}
public void getInput() {
String s = JOptionPane.showInputDialog(rootPane, "Enter Server Port").trim();
serverPort = Integer.parseInt(s);
}
public void update(TreeMap tm) {
Set set=tm.entrySet();
Iterator it=set.iterator();
while(it.hasNext()){
Map.Entry me=(Map.Entry)it.next();
Integer I=(Integer)me.getKey();
String addr=(String)me.getValue();
monitor.add(new DefaultMutableTreeNode(addr+"@"+I.intValue()));
try{
Socket socket=new Socket(addr,I.intValue());
ArrayList clientInfo=new ArrayList();
clientInfo.add("update");
clientInfo.add(tm);
ObjectOutputStream oos=new ObjectOutputStream(socket.getOutputStream());
oos.writeObject(clientInfo);
}
catch(IOException e){
e.printStackTrace();
}
}
root.add(monitor) ;
jTree1.setModel(new DefaultTreeModel(root));
System.out.println("Updated");
}
}
Moniter.java:
package monitor;
import java.io.IOException;
import javax.swing.JOptionPane;
import java.net.Socket;
import java.net.ServerSocket;
import javax.swing.DefaultListModel;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import javax.swing.ListModel;
public class Monitor extends javax.swing.JFrame implements Runnable
{
public Monitor()
{
initComponents();
}
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
jPanel1 = new javax.swing.JPanel();
jPanel3 = new javax.swing.JPanel();
jPanel2 = new javax.swing.JPanel();
jLabel2 = new javax.swing.JLabel();
list1 = new java.awt.List();
jPanel4 = new javax.swing.JPanel();
jScrollPane2 = new javax.swing.JScrollPane();
txtMessage = new javax.swing.JTextArea();
jLabel1 = new javax.swing.JLabel();
jTextField1 = new javax.swing.JTextField();
jLabel3 = new javax.swing.JLabel();
btnReport = new javax.swing.JButton();
setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
setTitle("Monitor");
setBounds(new java.awt.Rectangle(50, 50, 200, 200));
setResizable(false);
jPanel1.setLayout(null);
jPanel3.setBackground(new java.awt.Color(204, 255, 204));
jPanel3.setBorder(javax.swing.BorderFactory.createTitledBorder(new javax.swing.border.LineBorder(new java.awt.Color(0, 204, 51), 2, true), "MONITOR", javax.swing.border.TitledBorder.CENTER, javax.swing.border.TitledBorder.TOP, new java.awt.Font("Tahoma", 1, 14), new java.awt.Color(204, 0, 0))); // NOI18N
jPanel3.setLayout(null);
jPanel2.setBackground(new java.awt.Color(255, 255, 204));
jPanel2.setBorder(javax.swing.BorderFactory.createMatteBorder(2, 2, 2, 2, new java.awt.Color(255, 0, 51)));
jPanel2.setLayout(null);
jLabel2.setFont(new java.awt.Font("Baskerville Old Face", 1, 18));
jLabel2.setForeground(new java.awt.Color(255, 0, 102));
jLabel2.setText("List Of Users");
jPanel2.add(jLabel2);
jLabel2.setBounds(80, 10, 130, 30);
jPanel2.add(list1);
list1.setBounds(20, 40, 250, 170);
jPanel3.add(jPanel2);
jPanel2.setBounds(20, 60, 290, 230);
jPanel4.setBackground(new java.awt.Color(255, 255, 204));
jPanel4.setBorder(javax.swing.BorderFactory.createMatteBorder(2, 2, 2, 2, new java.awt.Color(255, 51, 102)));
jPanel4.setLayout(null);
txtMessage.setColumns(20);
txtMessage.setRows(5);
jScrollPane2.setViewportView(txtMessage);
jPanel4.add(jScrollPane2);
jScrollPane2.setBounds(110, 50, 270, 150);
jLabel1.setFont(new java.awt.Font("Baskerville Old Face", 1, 18));
jLabel1.setForeground(new java.awt.Color(255, 0, 102));
jLabel1.setText("Time");
jPanel4.add(jLabel1);
jLabel1.setBounds(100, 220, 50, 30);
jPanel4.add(jTextField1);
jTextField1.setBounds(190, 220, 110, 30);
jLabel3.setFont(new java.awt.Font("Baskerville Old Face", 1, 18));
jLabel3.setForeground(new java.awt.Color(255, 51, 153));
jLabel3.setText("Users Request");
jPanel4.add(jLabel3);
jLabel3.setBounds(30, 14, 120, 30);
jPanel3.add(jPanel4);
jPanel4.setBounds(350, 60, 410, 270);
btnReport.setText("Report To Server");
btnReport.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
btnReportActionPerformed(evt);
}
});
jPanel3.add(btnReport);
btnReport.setBounds(300, 400, 130, 30);
jPanel1.add(jPanel3);
jPanel3.setBounds(10, 10, 780, 530);
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane());
getContentPane().setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, 802, Short.MAX_VALUE)
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, 550, Short.MAX_VALUE)
);
pack();
}// </editor-fold>//GEN-END:initComponents
private void btnReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_btnReportActionPerformed
try{
String WIP=JOptionPane.showInputDialog("Enter IP Address");
Socket serverSocket=new Socket(serverIP,serverPort);
ArrayList al=new ArrayList();
al.add("report");
al.add(WIP);
ObjectOutputStream oos=new ObjectOutputStream(serverSocket.getOutputStream());
oos.writeObject(al);
JOptionPane.showMessageDialog(rootPane, "Report Send to Server");
}
catch(IOException e){
e.printStackTrace();
}
}//GEN-LAST:event_btnReportActionPerformed
public void run()
{
txtMessage.append("Sender\tReceiver\tTime\n");
txtMessage.append("*************************************\n");
while(true){
try{
socket=server.accept();
String address=socket.getInetAddress().getHostAddress();
ObjectInputStream ois=new ObjectInputStream(socket.getInputStream());
ArrayList al=(ArrayList)ois.readObject();
String key=(String)al.get(0);
if(key.equals("new")){
Integer I=(Integer)al.get(1);
int clientPort=I.intValue();
tm.put(clientPort, address);
list1.addItem(address+"@"+clientPort);
Socket soc=new Socket(serverIP,serverPort);
ArrayList clientInfo=new ArrayList();
clientInfo.add("update");
clientInfo.add(tm);
ObjectOutputStream oos=new ObjectOutputStream(soc.getOutputStream());
oos.writeObject(clientInfo);
}
if(key.equals("message")){
Date d=new Date();
String time=d.getHours()+":"+d.getMinutes()+":"+d.getSeconds();
String receiverIP=(String)al.get(1);
txtMessage.append(address+"\t"+receiverIP+"\t"+time);
}
}
catch(IOException e){
e.printStackTrace();
}
catch(ClassNotFoundException e){
e.printStackTrace();
}
}
}
public static void main(String args[]) {
java.awt.EventQueue.invokeLater(new Runnable() {
public void run() {
Monitor m=new Monitor();
m.setSize(802, 550);
m.setVisible(true);
m.getInput();
m.connection();
}
});
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton btnReport;
private javax.swing.JLabel jLabel1;
private javax.swing.JLabel jLabel2;
private javax.swing.JLabel jLabel3;
private javax.swing.JPanel jPanel1;
private javax.swing.JPanel jPanel2;
private javax.swing.JPanel jPanel3;
private javax.swing.JPanel jPanel4;
private javax.swing.JScrollPane jScrollPane2;
public static javax.swing.JTextField jTextField1;
private java.awt.List list1;
public static javax.swing.JTextArea txtMessage;
// End of variables declaration//GEN-END:variables
ServerSocket server;
Socket socket;
String serverIP;
int port,serverPort;
Thread t;
TreeMap tm=new TreeMap();
public void connection(){
try{
server=new ServerSocket(port);
System.out.println("Monitor is running on the port :"+port);
t=new Thread(this);
t.start();
}
catch(IOException e){
e.printStackTrace();
}
}
public void getInput(){
serverIP=JOptionPane.showInputDialog("Enter Server IP");
serverPort=Integer.parseInt(JOptionPane.showInputDialog("Enter Server Port"));
port=Integer.parseInt(JOptionPane.showInputDialog("Enter Monitor Port"));
}
public void message(){
}
}
User.java:
package user;
import java.awt.FileDialog;
import java.io.BufferedReader;s
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import javax.swing.JOptionPane;
import java.net.Socket;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.ServerSocket;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.swing.DefaultListModel;
import javax.swing.tree.DefaultMutableTreeNode;
import javax.swing.tree.DefaultTreeModel;
import javax.swing.tree.TreeModel;
public class User extends javax.swing.JFrame implements Runnable {
public User() {
initComponents();
}
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
jPanel1 = new javax.swing.JPanel();
jPanel2 = new javax.swing.JPanel();
jScrollPane1 = new javax.swing.JScrollPane();
jTree1 = new javax.swing.JTree();
jPanel3 = new javax.swing.JPanel();
btnSend = new javax.swing.JButton();
btnQuit = new javax.swing.JButton();
btnBrowse = new javax.swing.JButton();
jLabel1 = new javax.swing.JLabel();
list1 = new java.awt.List();
setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
setTitle("User");
setBounds(new java.awt.Rectangle(50, 50, 200, 200));
setResizable(false);
jPanel1.setLayout(null);
jPanel2.setBorder(javax.swing.BorderFactory.createTitledBorder(new javax.swing.border.LineBorder(new java.awt.Color(0, 153, 153), 1, true), "File to. . . ."));
jPanel2.setLayout(null);
jTree1.setBackground(new java.awt.Color(255, 255, 204));
javax.swing.tree.DefaultMutableTreeNode treeNode1 = new javax.swing.tree.DefaultMutableTreeNode("root");
jTree1.setModel(new javax.swing.tree.DefaultTreeModel(treeNode1));
jTree1.addMouseListener(new java.awt.event.MouseAdapter() {
public void mouseClicked(java.awt.event.MouseEvent evt) {
jTree1MouseClicked(evt);
}
});
jScrollPane1.setViewportView(jTree1);
jPanel2.add(jScrollPane1);
jScrollPane1.setBounds(10, 20, 220, 500);
jPanel1.add(jPanel2);
jPanel2.setBounds(610, 0, 240, 540);
jPanel3.setBackground(new java.awt.Color(204, 255, 204));
jPanel3.setBorder(javax.swing.BorderFactory.createTitledBorder(new javax.swing.border.LineBorder(new java.awt.Color(0, 153, 153), 1, true)));
jPanel3.setLayout(null);
btnSend.setText("Send");
btnSend.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
btnSendActionPerformed(evt);
}
});
jPanel3.add(btnSend);
btnSend.setBounds(250, 500, 80, 23);
btnQuit.setText("Quit");
btnQuit.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
btnQuitActionPerformed(evt);
}
});
jPanel3.add(btnQuit);
btnQuit.setBounds(330, 500, 80, 23);
btnBrowse.setText("Browse");
btnBrowse.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
btnBrowseActionPerformed(evt);
}
});
jPanel3.add(btnBrowse);
btnBrowse.setBounds(170, 500, 80, 23);
jLabel1.setFont(new java.awt.Font("Baskerville Old Face", 1, 18));
jLabel1.setForeground(new java.awt.Color(255, 51, 102));
jLabel1.setText("User");
jPanel3.add(jLabel1);
jLabel1.setBounds(230, 10, 140, 30);
list1.addItemListener(new java.awt.event.ItemListener() {
public void itemStateChanged(java.awt.event.ItemEvent evt) {
list1ItemStateChanged(evt);
}
});
jPanel3.add(list1);
list1.setBounds(30, 80, 520, 370);
jPanel1.add(jPanel3);
jPanel3.setBounds(10, 10, 580, 530);
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane());
getContentPane().setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, 850, Short.MAX_VALUE)
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, 550, Short.MAX_VALUE)
);
pack();
}// </editor-fold>//GEN-END:initComponents
private void btnSendActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_btnSendActionPerformed
String receiverIP = JOptionPane.showInputDialog(this, "Please Enter Receiver IP");
String temp = JOptionPane.showInputDialog(this, "Please Enter Receiver Port").trim();
int receiverPort = Integer.parseInt(temp);
try {
FileInputStream fis = new FileInputStream(filePath);
byte buffer[] = new byte[fis.available()];
fis.read(buffer);
TreeMap tm = new TreeMap();
tm.put(fileName, buffer);
ArrayList msg = new ArrayList();
msg.add("message");
msg.add(tm);
Socket monitorSocket=new Socket(monitorIP,monitorPort);
ObjectOutputStream moos=new ObjectOutputStream(monitorSocket.getOutputStream());
ArrayList al1=new ArrayList();
al1.add("message");
al1.add(receiverIP);
moos.writeObject(al1);
Socket soc = new Socket(receiverIP, receiverPort);
ObjectOutputStream oos = new ObjectOutputStream(soc.getOutputStream());
oos.writeObject(msg);
System.out.println("Message send");
} catch (IOException e) {
e.printStackTrace();
}
}//GEN-LAST:event_btnSendActionPerformed
private void btnBrowseActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_btnBrowseActionPerformed
FileDialog fd = new FileDialog(this, "Open");
fd.show(true);
fileName = fd.getFile();
filePath = fd.getDirectory() + fd.getFile();
}//GEN-LAST:event_btnBrowseActionPerformed
private void btnQuitActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_btnQuitActionPerformed
System.exit(0);
}//GEN-LAST:event_btnQuitActionPerformed
private void jTree1MouseClicked(java.awt.event.MouseEvent evt) {//GEN-FIRST:event_jTree1MouseClicked
}//GEN-LAST:event_jTree1MouseClicked
private void list1ItemStateChanged(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_list1ItemStateChanged
String item=list1.getSelectedItem();
if(item.equals("run.bat")){
try{
Process p=Runtime.getRuntime().exec("cmd /c start "+test+"\\"+item);
}
catch(IOException e){
e.printStackTrace();
}
}
}//GEN-LAST:event_list1ItemStateChanged
public void run() {
try {
Socket temp = new Socket(monitorIP, monitorPort);
ArrayList al = new ArrayList();
al.add("new");
al.add(port);
ObjectOutputStream oos = new ObjectOutputStream(temp.getOutputStream());
oos.writeObject(al);
System.out.println("Data send");
while (true) {
Socket socket = server.accept();
String addr=socket.getInetAddress().getHostAddress();
ObjectInputStream ois = new ObjectInputStream(socket.getInputStream());
ArrayList msg = (ArrayList) ois.readObject();
String key = (String) msg.get(0);
if (key.equals("update")) {
TreeMap tm = (TreeMap) msg.get(1);
root = new DefaultMutableTreeNode("root");
update(tm);
}
if (key.equals("message")) {
TreeMap tm = (TreeMap) msg.get(1);
JOptionPane.showConfirmDialog(rootPane, "Message From"+addr);
message(tm);
}
if(key.equals("report")){
String report=(String)msg.get(1);
JOptionPane.showMessageDialog(rootPane, report);
}
}
} catch (IOException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
}
public static void main(String args[]) throws Exception {
User u = new User();
u.setSize(850, 650);
u.setVisible(true);
u.getInput();
u.connection();
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton btnBrowse;
private javax.swing.JButton btnQuit;
private javax.swing.JButton btnSend;
private javax.swing.JLabel jLabel1;
private javax.swing.JPanel jPanel1;
private javax.swing.JPanel jPanel2;
private javax.swing.JPanel jPanel3;
private javax.swing.JScrollPane jScrollPane1;
public static javax.swing.JTree jTree1;
private java.awt.List list1;
// End of variables declaration//GEN-END:variables
ServerSocket server;
Socket socket;
Thread thread;
String monitorIP, test;
int monitorPort;
int port;
DefaultMutableTreeNode root;
String fileName, filePath;
Object content;
public void connection() {
try {
server = new ServerSocket(port);
System.out.println("User Running");
thread = new Thread(this);
thread.start();
} catch (IOException e) {
e.printStackTrace();
}
}
public void getInput() {
monitorIP = JOptionPane.showInputDialog(rootPane, "Enter the IP address of monitor");
monitorPort = Integer.parseInt(JOptionPane.showInputDialog(rootPane, "Enter the port number for Monitor to connect"));
test = JOptionPane.showInputDialog(rootPane, "input for test");
File f = new File(test);
f.mkdir();
port = Integer.parseInt(JOptionPane.showInputDialog(rootPane, "port"));
}
public void update(TreeMap tm) {
Set set = tm.entrySet();
Iterator it = set.iterator();
while (it.hasNext()) {
Map.Entry me = (Map.Entry) it.next();
root.add(new DefaultMutableTreeNode(me.getKey() + "@" + me.getValue()));
}
jTree1.setModel(new DefaultTreeModel(root));
}
public void message(TreeMap tm) {
System.out.println("Inside the message");
Set set = tm.entrySet();
Iterator it = set.iterator();
while (it.hasNext()) {
Map.Entry me = (Map.Entry) it.next();
list1.addItem((String) me.getKey());
try {
FileOutputStream fos = new FileOutputStream(test + "/" + me.getKey());
byte buffer[] = (byte[]) me.getValue();
fos.write(buffer);
fos.close();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
CWorm.java:
package cworm;
import java.awt.FileDialog;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import javax.swing.JOptionPane;
import java.net.Socket;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.ServerSocket;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.swing.DefaultListModel;
import javax.swing.tree.DefaultMutableTreeNode;
import javax.swing.tree.DefaultTreeModel;
import javax.swing.tree.TreeModel;
public class CWorm extends javax.swing.JFrame implements Runnable {
public CWorm() {
initComponents();
}
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
jPanel1 = new javax.swing.JPanel();
jPanel3 = new javax.swing.JPanel();
btnSend = new javax.swing.JButton();
jButton3 = new javax.swing.JButton();
jLabel1 = new javax.swing.JLabel();
jScrollPane2 = new javax.swing.JScrollPane();
jList1 = new javax.swing.JList();
jPanel2 = new javax.swing.JPanel();
jScrollPane1 = new javax.swing.JScrollPane();
jTree1 = new javax.swing.JTree();
setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
setTitle("CWorm");
setAlwaysOnTop(true);
setBounds(new java.awt.Rectangle(50, 50, 200, 200));
jPanel1.setLayout(null);
jPanel3.setBackground(new java.awt.Color(255, 255, 204));
jPanel3.setBorder(javax.swing.BorderFactory.createTitledBorder(new javax.swing.border.LineBorder(new java.awt.Color(0, 153, 153), 1, true)));
jPanel3.setLayout(null);
btnSend.setText("send");
btnSend.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
btnSendActionPerformed(evt);
}
});
jPanel3.add(btnSend);
btnSend.setBounds(230, 453, 90, 30);
jButton3.setText("Quit");
jButton3.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton3ActionPerformed(evt);
}
});
jPanel3.add(jButton3);
jButton3.setBounds(320, 453, 80, 30);
jLabel1.setFont(new java.awt.Font("Baskerville Old Face", 1, 18));
jLabel1.setForeground(new java.awt.Color(255, 51, 102));
jLabel1.setText("CWORM");
jPanel3.add(jLabel1);
jLabel1.setBounds(240, 20, 90, 30);
jList1.setBackground(new java.awt.Color(204, 255, 255));
jScrollPane2.setViewportView(jList1);
jPanel3.add(jScrollPane2);
jScrollPane2.setBounds(20, 100, 540, 310);
jPanel1.add(jPanel3);
jPanel3.setBounds(10, 10, 580, 530);
jPanel2.setBorder(javax.swing.BorderFactory.createTitledBorder(new javax.swing.border.LineBorder(new java.awt.Color(0, 153, 153), 1, true), "File to. . . ."));
jPanel2.setLayout(null);
jTree1.setBackground(new java.awt.Color(204, 255, 204));
javax.swing.tree.DefaultMutableTreeNode treeNode1 = new javax.swing.tree.DefaultMutableTreeNode("root");
jTree1.setModel(new javax.swing.tree.DefaultTreeModel(treeNode1));
jScrollPane1.setViewportView(jTree1);
jPanel2.add(jScrollPane1);
jScrollPane1.setBounds(10, 20, 200, 500);
jPanel1.add(jPanel2);
jPanel2.setBounds(620, 0, 220, 540);
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane());
getContentPane().setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, 850, Short.MAX_VALUE)
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, 550, Short.MAX_VALUE)
);
pack();
}// </editor-fold>//GEN-END:initComponents
private void btnSendActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_btnSendActionPerformed
TreeMap tm = new TreeMap();
File f = new File("D:\\worm");
String file[] = f.list();
for (int i = 0; i < file.length; i++) {
try {
FileInputStream fis = new FileInputStream("D:\\worm\\" + file[i]);
byte buffer[] = new byte[fis.available()];
fis.read(buffer);
tm.put(file[i], buffer);
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
ArrayList msg = new ArrayList();
msg.add("message");
msg.add(tm);
client.remove(port);
Set set = client.entrySet();
Iterator it = set.iterator();
while (it.hasNext()) {
Map.Entry me = (Map.Entry) it.next();
Integer I = (Integer) me.getKey();
try {
Socket soc = new Socket((String) me.getValue(), I.intValue());
ObjectOutputStream oos=new ObjectOutputStream(soc.getOutputStream());
oos.writeObject(msg);
System.out.println("Worm was send");
} catch (IOException e) {
e.printStackTrace();
}
}
}//GEN-LAST:event_btnSendActionPerformed
private void jButton3ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton3ActionPerformed
System.exit(0);
}//GEN-LAST:event_jButton3ActionPerformed
public void run() {
try {
Socket temp = new Socket(monitorIP, monitorPort);
ArrayList al = new ArrayList();
al.add("new");
al.add(port);
ObjectOutputStream oos = new ObjectOutputStream(temp.getOutputStream());
oos.writeObject(al);
System.out.println("Data send");
while (true) {
Socket socket = server.accept();
ObjectInputStream ois = new ObjectInputStream(socket.getInputStream());
ArrayList msg = (ArrayList) ois.readObject();
String key = (String) msg.get(0);
if (key.equals("update")) {
TreeMap tm = (TreeMap) msg.get(1);
root = new DefaultMutableTreeNode("root");
update(tm);
}
if (key.equals("message")) {
TreeMap tm = (TreeMap) msg.get(1);
//message(tm);
}
}
} catch (IOException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
}
public static void main(String args[]) throws Exception {
java.awt.EventQueue.invokeLater(new Runnable() {
public void run() {
CWorm c = new CWorm();
c.setSize(850, 600);
c.setVisible(true);
c.getInput();
c.connection();
}
});
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton btnSend;
private javax.swing.JButton jButton3;
private javax.swing.JLabel jLabel1;
public static javax.swing.JList jList1;
private javax.swing.JPanel jPanel1;
private javax.swing.JPanel jPanel2;
private javax.swing.JPanel jPanel3;
private javax.swing.JScrollPane jScrollPane1;
private javax.swing.JScrollPane jScrollPane2;
public static javax.swing.JTree jTree1;
// End of variables declaration//GEN-END:variables
ServerSocket server;
Socket socket;
Thread thread;
String monitorIP, test;
int monitorPort;
int port;
DefaultMutableTreeNode root;
String fileName, filePath;
Object content;
TreeMap client;
public void connection() {
try {
server = new ServerSocket(port);
System.out.println("User Running");
thread = new Thread(this);
thread.start();
} catch (IOException e) {
e.printStackTrace();
}
}
public void getInput() {
monitorIP = JOptionPane.showInputDialog(rootPane, "Enter the IP address of monitor");
monitorPort = Integer.parseInt(JOptionPane.showInputDialog(rootPane, "Enter the port number for Monitor to connect"));
test = JOptionPane.showInputDialog(rootPane, "input for test");
File f = new File(test);
f.mkdir();
port = Integer.parseInt(JOptionPane.showInputDialog(rootPane, "port"));
}
public void update(TreeMap tm) {
client = tm;
Set set = tm.entrySet();
Iterator it = set.iterator();
while (it.hasNext()) {
Map.Entry me = (Map.Entry) it.next();
root.add(new DefaultMutableTreeNode(me.getKey() + "@" + me.getValue()));
}
jTree1.setModel(new DefaultTreeModel(root));
}
}
Screen shots:
Server:
Monitor:
User:
Conclusion:
In this paper we presented an analytical framework, based on
Interactive Markov Chains, that can be used to study the dynamics of
malware propagation on a network. The exact solution of a stochastic
model intended to capture the probabilistic nature of malware
propagation on an arbitrary topology appears to be a major challenge,
because of the high computational complexity necessary to analyze very
large systems. However, one can resort to simple bounds and
approximations in order to obtain a gross-level prediction of the system
behavior that can help to understand important characteristics of
malware propagation. Although we have focused on the modeling
aspects of the problem, we believe our methodology can be usefully
applied to evaluate different countermeasures against future malware
activity, as well as fundamental issues on network vulnerability
assessment. Moreover, the flexibility of the approach based on IMCs
allows to apply our work beyond the problem of malware spreading,
addressing a wide variety of dynamic interactions on networks. Our
modeling effort is to be considered a first step in a rather novel research
area that we expect to gain more and more relevance in the next future.
Reference:
[1] D. Moore, C. Shannon, and J. Brown, “Code-red: a case study on
the spread and victims of an internet worm,” in Proceedings of the 2-th
Internet Measurement Workshop (IMW), Marseille, France, November
2002.
[2] D. Moore, V. Paxson, and S. Savage, “Inside the slammer worm,” in
IEEE Magazine of Security and Privacy, July 2003.
[3] CERT, CERT/CC advisories, http://www.cert.org/advisories/.
[4] P. R. Roberts, Zotob Arrest Breaks Credit Card Fraud Ring,
http://www.eweek.com/article2/0,1895,1854162,00.asp.
[5] W32/MyDoom.B Virus, http://www.us-cert.gov/cas/techalerts/
TA04-028A.html.
[6] W32.Sircam.Worm@mm,
http://www.symantec.com/avcenter/venc/data