Is Shockwave a computer virus?

The Shockwave virus was spread by exploiting the RPC vulnerability announced on July 21, 2003. The virus broke out in August of that year.

When the virus is running, it will continuously use IP scanning technology to find computers with Win2000 or XP systems on the network. After finding it,exploit the DCOM/RPC buffer vulnerability to attack the system. Once the attack is successful, the virus body will be transmitted to the other party's computer for infection, causing the system to operate abnormally, restart continuously, and even cause the system to crash. Collapse.(Recommended learning:PHP video tutorial)

In addition, the virus will also perform a denial of service attack on the system upgrade website, causing the website to be blocked and preventing users from upgrading through the website. system.

As long as there is an RPC service on the computer and no security patch is applied to the computer, there is an RPC vulnerability. The specific operating system involved is: Windows 2000\XP\Server 2003\NT4.0.

The blast virus is 6176 bytes long and is a hybrid virus with backdoor and worm functions. It includes three components: worm carrier, TFTP server file, and attack module. The virus will download and run the virus file msblast.exe.

The propagation mode of the shock wave is: scan-attack-copy.

The scanning strategy adopted by the scanning module is: randomly select a certain IP address, and then scan the hosts on this address range. Virus authors will make some improvements to the scanning strategy. For example, in the selection of IP address segments, they can mainly scan the network segment where the current host is located, and randomly select several small IP address segments for scanning external network segments. Limit the number of scans to only a few. Spread the scans over different time periods.

There are three principles for the design of scanning strategy: try to reduce repeated scanning to minimize the total amount of data packets sent by scanning; ensure that scanning covers as wide a range as possible; handle the time distribution of scanning so that scanning Don't focus on a certain period of time.

Once the existence of the vulnerability is confirmed, the corresponding attack steps can be carried out. The key issue in this part is the understanding and utilization of the vulnerability. After the attack is successful, a shell of the remote host is obtained. For example, for the win2k system, it is cmd.exe. After obtaining this shell, you have control over the entire system.

There are many ways to copy the process, which can be achieved by using the system's own program or by using a virus-generated program. The copying process is actually a file transfer process, and it is very simple to realize network file transfer.

For more PHP related technical articles, please visit thePHP Graphic Tutorialcolumn to learn!

The above is the detailed content of Is Shockwave a computer virus?. For more information, please follow other related articles on the PHP Chinese website!