Member
Hi,
I need some information on three type of viruses which are termed as the most worst one. They are MS Blaster, SQL Slammer & Nimda virus. What this virus actually do. Means how do they spread and what is the point where they get access. Also what are the changes made by them in the system. And also post some removal instructions for the same. Thanks.
Member
MS Blaster comes under worm category. The types under this are Win32. Poza, W32/Lovsan.worm, W32.Blaster.Worm, etc. Is it the first virus to exploit the vulnerability RPC / DCOM systems in Microsoft Windows, which allows remote processes to communicate. By exploiting the flaw through a buffer overflow, a malicious program can take control of the vulnerable machine. The worm is programmed in such a way to scan a range of IP addresses randomly looking for vulnerable systems to the RPC vulnerability on port 135. When the file is downloaded, it is executed, then it creates entries in the registry in order to restart automatically at every reboot. The location for it is HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ msblast.exe. To avoid the virus infection first right click on My Computer >Properties >Advanced >Startup and Recovery > Settings > Uncheck Automatically restart. Run a full system virus scan.
Member
SQL Slammer worm affects servers running Microsoft SQL Server or Microsoft SQL Desktop Engine. It allows the systems affected, to send the malicious packet to other SQL Server machines causing the slowdown, or even the fall of the affected network. This malicious code that runs the denial of service attack, is only memory-resident having no associated file. Because of this, those that do not perform antivirus scanning of memory, can not detect this worm. It should block UDP port 1434 where not needed, thus avoiding the spread of infection. SQLSlammer spreads through UDP packets to infect vulnerable systems as soon as they reach it. Once the worm gains control and begins to load WS2_32.DLL continuously send itself to port 1434/udp of IP address ranges in an infinite loop.
Member
The Nimda worm retrieves the list of addresses found in address books of Microsoft Outlook and Eudora, as well as e-mails contained in the HTML files on the disk of the infected machine. Then it ends to all recipients a mail whose body is empty, the subject is random and often very long and attached to an email attachment named Readme.exe or readme.eml. The virus using an extension like. eml exploit a vulnerability in Microsoft Internet Explorer 5. On the other hand, the Nimda virus can spread through shared folders of Microsoft Windows networks, infecting executable files. Indeed, the Nimda virus is also able to take control of a Web server Microsoft IIS by exploiting certain vulnerabilities. To eradicate the Nimda worm, the best method is to first disconnect the infected machine's network, then use a recent virus update or antivirus offered by Symantec.
Posting Permissions
Reply With Quote
Bookmarks