ISSC361_Week 1.docx - MSBlast Worm MSBlast also known as...

This preview shows page 1 - 2 out of 2 pages.

MSBlast Worm MSBlast, also known as Blaster, was discovered by Microsoft Product Support Services (PSS) on Audust 11, 2003. The worm exploited a Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability on the Microsoft Windows 2000 and Windows XP systems (Microsoft, 2011). A worm is a malicious application that spreads via your computer network, but the most dangerous aspect of a worm is that it is able to replicate itself on your system without the need for human interactions. The worm replication could number in the thousands. It may also open TCP ports and attempt to flood the LAN with Denial of Service (DoS) data transmissions (Mitchell, 2013). Besides the Blaster, there are other variants of the worm including W32.Blaster.C.Worm, W32.Blaster.B.Worm, and W32.Randex.E, just to name a few (Microsoft Support, n.d.). Once the compromised host is able to connect to the target via TCP port 135, the worm on the target machine attempts to retrieve a copy of the file msblast.exe from the host. Once the retrieval is successful and the file msblast,exe is executed, the worm adds the value “windows auto update = msblast.exe to the local machine registry key, and cause the worm to

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture