Analysis and Detection the Computer Script Worms

Abstract

A script worm is defined as a self-replicating, self-contained malicious script program that can copy itself to remote computers on a network and execute automatically. In our work, we surveyed different types of script worms according to their spreading method (Drive, Email, Network and Chat script worms) and analyzed the characteristics of their source code during the target-finding and propagation phases of a worm's life cycle. From this analysis, we extracted the general objects and methods most often used by the different types of script worms and derived common fixed malicious patterns from them. The analyzed source code and extracted malicious patterns enable us to identify worm behavior, which could be helpful in developing broad-spectrum Anti-Script worm software to detect and remove script worms. When we ran the proposed Anti-Script worm system against a large number of the script worms mentioned above, we saw that it could detect and remove nearly all the known and unknown script worms. Furthermore, the proposed system could distinguish between malicious scripts and benign script files that contained the suspicious objects and methods by checking all commands in every script file.
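
The distinction drawn in the last sentence, between a benign script that merely uses a suspicious object and one whose commands pass the script's own path to a copy or attach method, can be illustrated with a small command-by-command check. This is an added example, not the paper's system: the indicator names (`WScript.ScriptFullName`, `CopyFile`, `Copy`, `Attachments.Add`), the function `scan_script` and both sample scripts are assumptions constructed here.

```python
import re

# Assumed indicators, chosen for this example (not the paper's pattern set):
# how a WSH script names its own file, and methods that copy or attach a file.
SELF_REF = re.compile(r"\bWScript\.ScriptFullName\b", re.I)
SPREAD_CALL = re.compile(r"\b(CopyFile|Copy|Attachments\.Add)\b", re.I)
ASSIGN = re.compile(r"^\s*(?:Set\s+)?(\w+)\s*=\s*(.+)$", re.I)
COMMENT = re.compile(r"^\s*('|Rem\b)", re.I)
STRING = re.compile(r'"[^"]*"')

def _carries_self(code, tainted):
    """True if the code names the script's own path or a variable holding it."""
    words = {w.lower() for w in re.findall(r"\w+", code)}
    return bool(SELF_REF.search(code)) or bool(words & tainted)

def scan_script(text):
    """Check every command; return (line_no, line) where the script's own
    path reaches a copy/attach method, directly or through a variable."""
    tainted, hits = set(), []
    for no, line in enumerate(text.splitlines(), 1):
        if COMMENT.match(line):
            continue                      # comments are not commands
        code = STRING.sub('""', line)     # string literals are data, not references
        if SPREAD_CALL.search(code) and _carries_self(code, tainted):
            hits.append((no, line.strip()))
        m = ASSIGN.match(code)
        if m:                             # propagate or clear the self-path marker
            name = m.group(1).lower()
            if _carries_self(m.group(2), tainted):
                tainted.add(name)
            else:
                tainted.discard(name)
    return hits

# Constructed sample: suspicious objects and methods, but no self-propagation.
BENIGN = r"""Set fso = CreateObject("Scripting.FileSystemObject")
src = "C:\reports\daily.csv"
fso.CopyFile src, "D:\backup\daily.csv"
' WScript.ScriptFullName is only displayed
WScript.Echo WScript.ScriptFullName"""

# Constructed sample: own path flows through two variables into CopyFile.
SUSPICIOUS = r"""Set fso = CreateObject("Scripting.FileSystemObject")
selfPath = WScript.ScriptFullName
copyOf = selfPath
fso.CopyFile copyOf, "<placeholder-destination>\readme.vbs" """

if __name__ == "__main__":
    print(scan_script(BENIGN), scan_script(SUSPICIOUS))
```

Both samples contain `FileSystemObject` and `CopyFile`; only the second is flagged, because the check follows what is passed to the method rather than matching on the object name alone.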