View Single Post
  #12  
Old September 1st 10, 01:47 AM posted to microsoft.public.windowsxp.security_admin
FromTheRafters[_3_]
external usenet poster
 
Posts: 102
Default Worm for Testing Purposes?

"dubya" wrote in message
...

"FromTheRafters" erratic @nomail.afraid.org wrote in message
...
"dubya" wrote in message
...
Hello\,

Does anyone know of a non-destructive, safe worm - one that doesn't
do anything but propagate and is easy to remove - that I can use for
testing in small networks?


There's no such thing, but there are things that come close.

You probably need to find another way of accomplishing what you want,
but 'what you want' isn't exactly clear in your post

Are you intending to study the worm, or are you trying to test a
network?

Sorry for the lack of clarity. Test the network. A mix of virtual
machines and hosts with various firewalls or lack thereof. I just
want to see what it gets through and what it doesn't. Nothing will be
connected to any public networks, so no risk to public bandwidth.


True worms are generally dependent upon software vulnerabilities. The
only test worms I know about are historical in nature, and were written
for historical exploits of historical vulnerabilities. Google Fred Cohen
and read some of his papers on viruses (many of what were called viruses
then were actually worms in retrospect now that worms are better
defined). Part of the reproductive function of his test virus asked the
user for permission to infect IIRC - something any self-respecting true
worm wouldn't dream of doing.

You could concieveably install the necessary vulnerabilities (retrograde
your patches for instance) to provide an environment that supports a
particular kind of worm (like CodeRed or Sapphire) - but what would be
the point then, as you wouldn't actually be testing the network.

....as for playing with worms, that might work, but it could be
dangerous.


Ads