
The Morris worm: the history of the virus's appearance, how it worked, and various facts

A diskette with the worm's code is kept in the Boston Museum of Science. Photo: Intel Free Press

You can watch on YouTube how the worm was covered on television. Here we will say a little about the technical side of the matter.

So, Cornell University student Robert Tappan Morris decided, in his own words, to measure the size of the Internet. He approached this thoroughly: he wrote a complex program that could spread over the network on its own and resist attempts to stop it. It is easy to see that this functionality is clearly falling under. The Morris worm did no harm to the systems themselves, but an error in the program meant that many computers ran the worm dozens of times over, which overloaded the server and made it, in effect, inoperable. Looks like a DDoS, doesn't it?

How did the worm spread over the Internet? Nothing has changed in the past 25 years: it used vulnerabilities. In the case of the Morris worm, as many as three. First, vulnerabilities in the Finger and Sendmail implementations of the popular UNIX systems of the time allowed arbitrary code to be run on a remote computer. Second, if these options failed, the worm tried to connect to RSH, the remote administration console. True, this requires a password, but the worm guessed it. It is very impressive that a large percentage of passwords were guessed successfully with a dictionary of only 400 words plus several obvious options, such as a password that matches the user name or is the user name written in reverse order. Few people bother about password strength even today, and 25 years ago even system administrators did not particularly care about it.
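The guess classes listed above translate directly into a check at password-change time. The following is an added example, not code from the original article; the word list, account names and function names are constructed for illustration, and the case-insensitive comparison is an assumption.

```python
# Added example: reject passwords that fall into the guess classes described
# above (user name, user name reversed, word from a small dictionary).

# Constructed stand-in for a small dictionary of a few hundred common words.
SMALL_WORDLIST = {"wizard", "computer", "secret", "coffee", "sunshine"}


def guessable_reasons(username, password, wordlist=SMALL_WORDLIST):
    """Return the reasons a password would fall to the guesses described above.

    An empty list only means none of these guess classes matches; it does
    not certify the password as strong.
    """
    user = username.casefold()
    pw = password.casefold()  # assumption: treat case variants as the same guess
    reasons = []
    if pw == user:
        reasons.append("same as user name")
    if pw == user[::-1]:
        reasons.append("user name reversed")
    if pw in wordlist:
        reasons.append("word from a small dictionary")
    return reasons


def audit_changes(requests, wordlist=SMALL_WORDLIST):
    """Split (user, proposed password) requests into accepted and rejected."""
    accepted = []
    rejected = {}
    for username, password in requests:
        reasons = guessable_reasons(username, password, wordlist)
        if reasons:
            rejected[username] = reasons
        else:
            accepted.append(username)
    return accepted, rejected


# Constructed sample requests: (user name, proposed password).
SAMPLE_REQUESTS = [
    ("alice", "alice"),
    ("bob", "BOB"),            # palindromic name: matches two classes at once
    ("carol", "lorac"),
    ("dave", "Wizard"),
    ("erin", "t7#Lq-cedar-Volt"),
]

if __name__ == "__main__":
    ok, bad = audit_changes(SAMPLE_REQUESTS)
    print("accepted:", ok)
    for name, why in bad.items():
        print("rejected:", name, "->", ", ".join(why))
```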

The worm was not programmed to take malicious actions, but because of an error it overloaded computers with work.

Having penetrated a computer, the worm changed the name of its process, deleted temporary files and took a number of measures to hinder its detection, in particular encrypting its data in memory. On starting up on a new computer, the worm checked whether the computer was already infected. When two copies were found on a computer, they "rolled dice", and one of them self-destructed. Whether because of a mistake by Morris or as insurance against a simple "vaccine" built on this effect, in one case out of seven a new copy stopped playing the "survival" game and kept running under any conditions. It was this decision that led to the DDoS effect: the 1/7 coefficient turned out to be too large, and many computers were re-infected dozens of times.
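Why a one-in-seven bypass overloads a host can be seen in a small simulation. This is an added example, not the worm's code or anything from the original article; the model (copies that skip the check never exit, copies that honour it settle down to a single survivor) and all names are assumptions based on the description above.

```python
import random


def simulate_host(arrivals, keep_one_in=7, seed=1988):
    """Return how many copies are left running on one host.

    Assumed model:
      * each arriving copy has a 1-in-`keep_one_in` chance of skipping the
        "already infected?" check and running under any conditions;
      * every other copy performs the check; when two such copies meet they
        roll dice and the loser exits, so at most one of them survives.
    keep_one_in=0 disables the bypass (every copy honours the check).
    """
    rng = random.Random(seed)
    persistent = 0  # copies that skipped the check and never exit
    checking = 0    # copies that honour the check
    for _ in range(arrivals):
        if keep_one_in and rng.randrange(keep_one_in) == 0:
            persistent += 1
            continue
        checking += 1
        if checking > 1:
            checking = 1  # dice roll: one of the two checking copies exits
    return persistent + checking


def mean_copies(arrivals, keep_one_in, trials=200):
    """Average surviving copies over `trials` independently seeded runs."""
    total = sum(simulate_host(arrivals, keep_one_in, seed=s) for s in range(trials))
    return total / trials


def load_table(arrival_counts=(10, 50, 100, 500), ratios=(0, 7, 70)):
    """Mean copies per host for each bypass ratio and number of arrivals."""
    return {
        ratio: [round(mean_copies(n, ratio), 1) for n in arrival_counts]
        for ratio in ratios
    }


if __name__ == "__main__":
    counts = (10, 50, 100, 500)
    print("infection attempts per host:", counts)
    for ratio, row in load_table(counts).items():
        label = "no bypass" if ratio == 0 else f"1 in {ratio}"
        print(f"{label:>10}: {row}")
```

With the bypass disabled a host never carries more than one copy; with 1 in 7 the process count grows roughly as attempts / 7, so a host hit a few hundred times ends up running dozens of copies.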

Although the very concept of a network worm was completely new to system administrators, and working groups of programmers and administrators had to be hastily set up at MIT and Berkeley to deal with it, within literally two days the "loopholes" through which the worm penetrated systems were identified and closed, and the code of the infection was completely disassembled. On the whole, the worm was finished. Despite this, by various estimates, from 100 thousand to 10 million dollars was spent on eliminating the consequences of the infection.

Interestingly, the secrecy measures Morris had taken could have helped him remain anonymous. But his father, also Robert Morris, got involved. A co-author of the UNIX operating system and director of research at the National Center for Computer Security at the National Academy of Sciences, he convinced his son to confess. The court, held in 1991, took this into account and gave Morris a rather mild sentence: 3 years of probation, a fine of 10 thousand dollars and 400 hours of community service. The lesson, by the way, did Morris junior good: he became a highly respected member of the computer community. His successes include creating one of the first online commerce platforms, Viaweb (later acquired by Yahoo! and renamed Yahoo Store), founding the startup "farm" Y Combinator, work on new programming languages and a professorship at MIT.

America was shocked when, on November 2, 1988, almost all computers with Internet access (in America) "hung", as they say, at about eight o'clock in the morning. At first this was attributed to failures in the power system. But then, as the epidemic caused by the "Morris worm" unfolded, it became clear that the terminals had been attacked by a program unknown at the time, containing code that could not readily be decrypted. No wonder! At that time the computers connected to the Internet numbered only in the tens of thousands (approximately 65,000 terminals) and were found mostly in government circles or self-government bodies.

The "Morris worm" virus: what is it?

This type of virus was the first of its kind. It became the source of all other programs of this type, which today differ quite strongly from their progenitor.

Robert Morris created his "worm" without even guessing what notoriety it would gain or what harm it could do to the economy. It is generally believed that this was, as they say, purely sporting interest. But in fact its introduction into the then global network ARPANET, to which, by the way, both government and military organizations were connected, caused a shock from which America could not recover for a long time. According to preliminary estimates, the "Morris worm" computer virus caused about 96.5 million US dollars in damage (and this is only the official amount, known from official sources). What was not counted is probably not subject to disclosure.

Robert Morris, creator of the "Morris worm" computer virus: some facts from his biography

The question immediately arises of who this genius programmer was, who managed to paralyze the computer systems of the North American continent for several days.

According to the respected resource Wikipedia, Robert T. Morris was at the time a graduate student at Cornell University (chance or coincidence?), in the Faculty of Computer Engineering.

The history of the creation and appearance of the virus

It is believed that initially the virus contained no threat. Fred Cohen studied the Morris worm on the basis of his calculations for malicious code and found an interesting feature in it. It turned out that this was not a malicious program at all.

The "Morris worm" (although today, at the Pentagon's prompting, it is considered a virus) was originally created as a tool for testing the vulnerabilities of systems based on an "intranet" (not surprisingly, it was ARPANET users who suffered).

How the virus affects a computer system

Robert Morris himself (the creator of the virus) disowns in every possible way the consequences his "brainchild" had for the United States, arguing that the spread over the network was provoked by an error in the code itself. Given that he was educated at a university, and in the Faculty of Informatics at that, this is hard to agree with.

So, the so-called "Morris worm" was originally aimed at intercepting messages between major organizations (including government and military ones). The essence of its effect came down to replacing the original text of a letter sent over the ARPANET network, removing headers and endings, in the sendmail debug mode or by overflowing the buffer of the network fingerd service. The first part of the new letter contained code to be compiled on the remote terminal, and the third consisted of the same binary code, but adapted for different computer systems.

In addition, a specialized tool was used that allowed logins and passwords to be used with remote program execution (rexec), as well as calling a remote shell (rsh), which at the command level used the so-called "trust mechanism" (today this is associated more with certificates).

Distribution rate

As it turns out, the creator of the virus was by no means a stupid man. He immediately realized that the longer the code, the longer the virus takes to get into a system. That is why the well-known "Morris worm" contains a minimal binary (but compiled) combination.

This produced the boom that, for some reason, it is now customary to keep quiet about at the level of state intelligence services, although the self-copying threat spread almost in geometric progression (each copy of the virus was able to create two or more copies of itself).

Damage

No one, however, thinks about what damage can be done to the security system itself. The problem here is rather what the "Morris worm" computer virus is in itself. The point is that initially, on penetrating a user terminal, the virus had to determine whether the system already contained a copy of it. If it did, the virus left the machine alone. Otherwise it installed itself in the system and created clones of itself at all levels of use and control. This concerned the operating system as a whole, installed user programs, and applications or applets.

The official figure given by the US Department (approximately 96-98 million dollars of damage) is clearly understated. For the first three days alone it was already about 94.6 million. Over the following days the amount did not rise by much, but this is where ordinary users suffered (the official press and the US Department are silent about that). Of course, at that time the number of computers connected to the global web was only approximately 65 thousand in the United States, but almost every fourth terminal among them suffered.

Effects

It is easy to guess that the essence of the impact comes down to completely depriving the system of its working capacity through resource consumption. Mostly this concerns network connections.

In the simplest case the virus creates copies of itself and launches processes disguised as system services (nowadays even running on behalf of the administrator in the Task Manager process list). Removing the threats from this list is not always possible. Therefore, when terminating processes associated with the system and the user, you need to act extremely carefully.

What about Morris?

The "Morris worm" and its creator are doing very well at the moment. The virus itself has been successfully isolated by the efforts of antivirus laboratories, since they have the source code in which the applet is written.

In 2008 Morris announced the release of the Arc language, based on Lisp, and in 2010 he became a nominee for and winner of the Weiser Award.

By the way, another interesting fact is that state prosecutor Mark Rasch acknowledged that the virus disabled a lot of computers by forcing them to shut down, but still did not cause intentional damage to users of any level, since it was originally not a destructive program but an attempt to test the ability to interfere in the internal structure of existing systems. Although initially the attacker (who voluntarily surrendered to the authorities) faced a prison sentence of up to five years and a fine of 250 thousand dollars, he got off with three years of probation, a fine of 10 thousand dollars and 400 hours of community service. According to many lawyers (both of that time and of today, by the way), this is nonsense.

Some conclusions

Of course, today there is naturally no reason to fear a threat like the one the "Morris virus" posed to early computer equipment.

But here is what is interesting. It is believed that mainly Windows is subject to the effects of malicious code. And then it suddenly turns out that the body of the virus was originally developed for UNIX systems. What does this mean? Only that it is time for owners of Linux and Mac OS, which are fundamentally based on the UNIX platform, to prepare means of protection (although it is believed that viruses do not affect these OSes, in the sense that none have been written for them). Here many Mac and Linux users are deeply mistaken.

As it turns out, even on mobile platforms running iOS some threats (including the "Morris worm") have begun to show activity. First it is advertising, then unnecessary software, then ... a system crash. It makes you think. But at the origin of all this stood a graduate student who made a mistake in his own tester program, which led to the emergence of what came to be called computer worms. And their principles of acting on systems, as you know, are somewhat different.

In a sense, such viruses become spies (spyware), which not only load the system but also take passwords for sites, logins, PIN codes of credit or debit cards and God knows what else that an ordinary user may not even guess. In general, the impact of this virus and others like it at this stage of development of computer technology is fraught with quite serious consequences, despite the most advanced means of protection. And it is precisely with regard to computer worms that one should be most vigilant.

This is such an entertaining and extraordinary story, which will not be forgotten for a long time. Have an interesting and safe time on the network, without data theft, system overload or any spies like the "Morris worm"!

Hamsters celebrated the anniversary of one rather unpleasant event: the Morris worm turned 20 years old, reports.

Assessing the consequences of the first large attack on the network, it should be noted that the Morris worm served as a stern warning to the Internet community. It clearly demonstrated what a serious danger mistakes in programs pose, and turned network security into an important area of research and practical development.

"It really was a very weighty event," said Eric Allman. In 1981, at the University of California in Berkeley, Allman developed Sendmail, an open source program that handled Internet email. He currently holds the post of scientific director of Sendmail, which sells commercial versions of this program.

"The Internet was then very small and was regarded as a kind of club of shared interests," Allman explained. "After the Morris attack it became clear that some of the visitors might come to this "club" with less than the best intentions. We realized that we urgently needed to think about security."

Despite the clear mechanism of the worm's action and the great noise raised around it, some argue that at the time it was not immediately appreciated.

"The most interesting lesson the Morris worm taught us is how short-lived and minor the conclusions drawn turned out to be," said Columbia University professor Steve Bellovin, who in 1988 worked at Bell Labs on creating the first firewall. "People were able to see what a threat software could carry, but after that no one paid serious attention to network security issues. This went on until the mid-90s, and it subsequently gave rise to many additional difficulties."

This historic worm was written by a student of Cornell University Robert Tappan Morris, whom, following the results of what happened in computer fraud. Today, Morris is a respectable Adjunct Professor at the Massachusetts Institute of Technology.

Launched at about six o'clock in the evening on November 2, 1988, the worm blocked about 10% of the systems connected to the Internet. In total, more than 60 thousand computers were connected through the Internet.

The Morris worm was a self-propagating program that exploited well-known weak points in a number of popular utilities, including sendmail, which was responsible for routing email, and Finger, which made it possible to find out which users had a network session open at a given moment.

The Morris worm managed to penetrate systems running various flavors of UNIX. Moving rapidly across the network, the worm spread more and more copies of itself, infecting computers many times over, as a result of which many systems began to fail.

"At first we had no idea where the threat could come from," Allman recalled. "It was quite clear that this had been done intentionally, but we could not work out who had done it and why. Panic began, which was quite explained despite the suggestion of this circumstance."

The attack blocked the normal operation of the Internet for a long time, forcing a number of organizations, including the Pentagon, to close their Internet gateways in order to avoid further infection.

"People disconnected from the Internet because they were afraid of possible negative consequences," Allman noted. "However, disconnecting from the network also disrupted the most important communication channels. That is why restoring the status quo took quite a long time."

At the moment the Morris worm set off, commercial Internet traffic and web sites did not yet exist. The range of victims was limited to research units of government departments, universities and a number of companies that used the network to transfer files and exchange email. Nevertheless, news of the attack appeared in leading publications, in particular in The New York Times.

"It was thanks to the Morris worm that many people first heard of the existence of the Internet," Bellovin said. "For most, the network was associated with a new, strange wonderland... and suddenly it turned out that just one attacker could put an end to this world. I repeat, no one, with the exception of narrow computer specialists, knew almost anything about the Internet."

For some, the appearance of the Morris worm became a turning point in their career. Eugene Spafford at that time worked as a senior lecturer at Purdue University. Today Spafford holds the position of executive director of the Center for Education and Research in Information Assurance and Security at Purdue University. He is a recognized international authority in the field of Internet security.

"I was told that the study of applied computer security had no future," Spafford stressed. "And after the appearance of the Morris worm, many people suddenly realized that computer systems had gone beyond the mainframe environment, where everything was under control, and that we now needed a completely different security model. More advanced engineering solutions had to be offered."

Previously, researchers had developed only "useful" worms, which installed software updates automatically, but no one had released a destructive program uncontrolled into the network.

The Morris worm became the predecessor of other well-known attacks, including the spread of the Melissa, Code Red and Slammer worms, all of which were directed against systems running Microsoft software. Recently, worms have become less widespread than viruses and emails whose text contains links to malicious sites.

"In fact, worms are encountered much less often today than viruses," Allman emphasized. "And for the average user the greatest danger is phishing."

"In recent years we have not seen large-scale worm attacks, and there are several reasons for that," Bellovin explained. "An important role here was played by the wide adoption of network address translation and personal firewalls, which prevent modern worms from penetrating the way the Morris worm did."

The Morris worm anticipated the emergence of distributed denial-of-service attacks, which intruders use to overload systems and cut them off from the Internet.

"Such a large-scale and simultaneous infection had never been recorded before," Spafford emphasized. "In essence, it was the first denial-of-service attack to attract the attention of people working with computers. In addition, it was the first event to affect the platforms of several manufacturers at once. Sun and BSD UNIX systems were attacked at the same time, which is a great rarity. As a rule, an attack targets only one particular platform."

Spafford compared the spread of the Morris worm with the actions of today's botnets: networks that unite a large number of infected computers and use them for sending spam or for distributed DoS attacks.

"The software turns systems into zombies, and these, like slowly spreading worms, swell the ranks of the botnets," Spafford explained. "These systems do not cause denial of service but slowly seep onward, automatically sending their code to other machines. Botnets already control literally millions of machines: according to some estimates their number reaches 100 million."

The Morris worm knocked out a rather large segment of the Internet at once. Its appearance was a very noticeable event. In contrast, today's Internet attacks are directed against individual systems, and their authors try to remain unnoticed. Whereas earlier curious students broke into systems to boost their self-esteem, modern viruses are increasingly criminal in nature and mask their presence in every possible way.

"Today, attacks on the Internet are aimed at making a profit, and disconnecting individual network segments brings no profit," Bellovin explained. "When initiating new attacks, sophisticated intruders behave very carefully."

The Morris worm, although it caused much less damage than its successors, remained in the memory of the computer community for a long time.

"The Morris worm effectively marked the beginning of the official development of the field of computer security," Allman emphasized. "Before that, very few specialists dealt with security issues, and they were mainly interested in encryption. Computer security truly became a separate area of research only after the advent of the famous worm."

In 1988 Robert Morris junior created the first mass network worm. The 60,000-byte program was designed to attack UNIX Berkeley 4.3 operating systems. The virus was initially developed as harmless and was intended only to penetrate covertly the computing systems connected to the ARPANET network and remain there undetected. The viral program included components that made it possible to uncover passwords present on the infected system, which in turn allowed the program to disguise itself as a task of the system's legitimate users while actually reproducing and sending out copies. The virus did not remain hidden and completely safe, as the author had intended, because of minor errors made during development, which led to rapid, uncontrolled self-replication of the virus.

By the most modest estimates, the Morris worm incident cost more than 8 million hours of lost access and over a million hours of direct losses in restoring systems to working order. The total cost of these losses is estimated at $96 million (this amount also includes, not entirely justifiably, the costs of refining the operating system). The damage would have been much greater if the virus had originally been created with destructive aims.

The Morris worm hit over 6200 computers. As a result of the virus attack, most networks were out of order for up to five days. Computers that performed switching functions, worked as file servers or carried out other network support functions also failed.

On May 4, 1990, a jury found Morris guilty. He was given a suspended sentence of two years, 400 hours of community service and a fine of 10 thousand dollars.

Datacrime and AIDS.

In 1989 the Datacrime viruses became widespread; from October 12 they destroyed the file system, and before that date they simply multiplied. This series of computer viruses began to spread in the Netherlands, the USA and Japan in early 1989 and by September had struck about 100,000 PCs in the Netherlands alone (about 10% of their total number in the country). Even IBM responded to this threat by releasing its Virscan detector, which made it possible to search the file system for strings (signatures) characteristic of a particular virus. The set of signatures could be supplemented and changed by the user.

In 1989 the first "Trojan horse", AIDS, appeared. The virus made all the information on the hard disk inaccessible and displayed only one message on the screen: "Send a check for $ 189 to such an address." The author of the program was arrested while cashing the check and convicted of extortion.

The first virus that counteracted antivirus software was also created: The Dark Avenger. It infected new files while the antivirus program was checking the computer's hard disk.

On November 2, 1988, Robert Morris junior, a graduate student in the Faculty of Informatics at Cornell University, infected a large number of computers with a virus he had written. The virus was initially developed as harmless and was intended only to penetrate covertly the computing systems connected to the ARPANET network (in 1989 ARPANET was officially renamed the Internet) and remain there undetected. The Morris virus is a representative of the family of network worms (Internet worm) and is a 60-kilobyte program designed to attack UNIX Berkeley 4.3 operating systems.

An interesting fact is that the father of the virus's "father", Robert Morris senior, at that time held the position of scientific director of the National Computer Security Center (NCSC) and was a computer security expert. Morris senior worked for many years at the AT&T Bell laboratory, where in the 60s he took part in developing the Core Wars programs. By the way, the incident with the worm program had almost no effect on Morris senior's career. In early 1989 he was elected to the special advisory board of the National Institute of Standards and the Ministry of Commerce. The task of this board is to develop conclusions and recommendations on the security of the computing systems of US government bodies and to resolve issues arising in the development and implementation of information protection standards.

The Morris virus incident gave impetus to the emergence of a whole branch of computer security: computer virology.

By the most modest estimates, the Morris virus incident cost more than 8 million hours of lost access and over a million hours of direct losses in restoring systems to working order. The total cost of these losses is estimated at more than 98 million dollars. The virus hit over 6200 computers. As a result of the virus attack, most networks were out of order for up to five days. Computers that performed switching functions, worked as file servers or carried out other network support functions also failed. The damage would have been much greater if the virus had originally been created with destructive aims.

American on-the-scene reports published by leading newspapers such as the Chicago Tribune, the New York Times and the Boston Herald covered widely the dynamics of the virus's spread and the development of methods to combat it, and also raised general problems of computer system security. Later, analytical articles on the subject raised unsolved problems of computer system security and legislative initiatives aimed at preventing such cases in the future. In particular, there are two bills in the House of Representatives providing for criminal punishment for creating and distributing computer viruses.



In addition, the question of how to classify what Morris did is widely discussed: is Morris a hacker hero who, without causing truly serious damage, pointed out weaknesses in the national computer network, or is he a criminal who should be severely punished? Meanwhile, he has already been expelled from Cornell University (with the right to apply for readmission after a year). Thus Morris can reapply for admission no earlier than the fall of 1990. In that case the question of his admission will be decided by the administration.

"Modern history" of computer viruses.

- ARPANET is officially renamed the Internet.

The Trojan horse AIDS appeared. The virus made all the information on the hard disk inaccessible and displayed only one message on the screen: "Send a check for $ 189 to such an address." The author of the program was arrested while cashing the check and convicted of extortion.

A virus was created to counter antivirus software (The Dark Avenger). It infected new files while the antivirus program was checking the computer's hard disk.



Cliff Stoll, an employee of Lawrence Berkeley National Laboratory, published the book "The Cuckoo's Egg", which warned that the worldwide computer network can serve not only good purposes but can also be actively used by the military, criminals and hooligans. Stoll recommended taking measures in advance to prevent such a development of events.

1990 (December). In Hamburg (Germany), the European Institute for Computer Anti-Virus Research (EICAR) was created. Today it is one of the most respected international organizations, uniting almost all major antivirus companies.

1991. A program designed exclusively for creating viruses is written: VCS v1.0.

The Satanbug virus hits hundreds of computers in the capital of the United States, Washington. Even White House computers suffer. The FBI arrested the author, who turned out to be a 12-year-old teenager.

The appearance of "time bombs" is recorded: viruses that are activated when a specific date is reached.

1994. In the UK, the USA and Norway, several virus authors were arrested. They got off with fines.

1995. The appearance of macro viruses designed to attack MS Word software.

1999. The email virus Melissa caused a global epidemic, hit tens of thousands of computers and caused $80 million in damage. After this incident, demand for antivirus programs surged worldwide. In 2002 the author of Melissa, 33-year-old programmer David L. Smith, was sentenced to 20 months in prison.

2000, May. Melissa's record was broken by the email virus I Love You!, which hit millions of computers within a few hours. The peculiarity of the virus was that the file with the virus body attached to the letter was activated automatically when the user opened the letter to read it. The investigation showed that the virus was created by a Philippine student, who was not convicted because Philippine legislation lacked the relevant laws. In the same year, the first international agreement on countering computer viruses was signed.

2001. The Internet was hit by the email virus Anna Kournikova. The 20-year-old Dutchman Jan de Wit was sentenced to 150 hours of correctional work for creating this virus. The court concluded that it could not accurately determine the amount of damage that Anna Kournikova had caused to the economy of the Netherlands. A collection of 7.5 thousand viruses was also confiscated from de Wit. De Wit told the court that he had had no idea that the program he wrote would turn out to be a virus and would cause damage to anyone.

2002. The 13 root DNS servers of the Internet, which keep the worldwide network functioning, were subjected to a DoS attack organized with the help of a network virus. Analysts warn that a well-prepared and well-executed computer attack could take down the Internet for weeks.

2003 (July). The record for speed of spread was broken by the Slammer "worm", which infected 75,000 computers in 10 minutes. As a result of the activation of the Slammer worm, the speed of the network slowed down significantly, and some regions, for example South Korea, were practically cut off from the Internet.

The attack began at 0:30 US East Coast time, or 8:30 Moscow time. Where the source of infection was is still not known for sure. Some computer security specialists suggest that the virus spread from the territory of the United States; others believe that it originated somewhere in Asia. Within a few minutes the worm, exploiting a vulnerability in the Microsoft SQL Server 2000 DBMS, flooded the Internet. Despite the small size of the virus (376 bytes), it was able to create real traffic jams in data channels, because after infecting a computer it begins sending its code to random IP addresses in an infinite loop. If a vulnerable computer was found at any of the addresses, it was infected and also began sending copies of the virus.

All this led to a large-scale growth in traffic. At the peak of the worm's activity, hundreds of requests per minute could arrive at a single server. Unable to withstand the increased load, some servers stopped working normally. At this time, in the United States alone, up to 20% of IP packets were lost, which is ten times higher than the normal level. According to reports, five of the thirteen root DNS servers suffered from the attack.

The coding error in MS SQL Server 2000 became known in the summer of 2002, and the fix for it is contained in Service Pack 3, the update package released by Microsoft. Nevertheless, administrators began installing the patches only after the Slammer attack. However, few managed to do so: the Microsoft website from which the Service Pack could be downloaded turned out to be overloaded.

January 27, 2004. The beginning of the large-scale epidemic of the email worm Novarg, also known as MyDoom. All antivirus companies assigned this worm the maximum danger level. The number of infected letters on the Internet is estimated at several million copies.

The worm spreads via the Internet in the form of files attached to infected letters. The worm is a Windows application (PE EXE file) of 22,528 bytes, packed with UPX. The size of the unpacked file is about 40 KB. The worm is activated only if the user opens the archive and starts the infected file (by double-clicking the attachment). The worm then installs itself in the system and launches its propagation routines. The worm contains a backdoor function that opens TCP ports 3127 through 3198, which makes remote control of the infected system possible. It finds mail addresses in the Outlook address book and sends itself to these addresses using its own SMTP client, and it is also programmed to carry out DoS attacks on www.sco.com and www.microsoft.com.

The damage from the MyDoom (also known as Novarg) epidemic became the largest in the history of Internet epidemics: it amounted to 2.6 billion dollars. Such estimates are contained in a report by English experts from mi2g.

May 3, 2004. A new worm, Sasser, was detected on the Internet. The worm was assigned the highest danger rating. According to analysts, an ordinary computer connected to the Internet and not protected by security tools is infected by the worm within 10 minutes.

Sasser spreads by exploiting a buffer overflow error in the lsass.exe process on Windows 2000, XP and Server 2003 systems. After infecting a system, the worm begins to use it to attack other computers via TCP port 445.

The worm is activated without user intervention and is able to hit any computer connected to the network, regardless of whether it is in use at the moment or not. Signs of infection are various system error messages and spontaneous reboots of the system.
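The MyDoom and Sasser descriptions above each give a network indicator a defender can look for: connections accepted on TCP ports 3127 through 3198, and one host contacting many different machines on TCP port 445. The following Python detector is an added example, not part of the original article; the flow-record layout, the sample records, and the threshold and window values are assumptions, while the port numbers come from the text.

```python
from collections import defaultdict

MYDOOM_BACKDOOR_PORTS = range(3127, 3199)  # TCP 3127 through 3198, as stated in the text
SASSER_PORT = 445                          # TCP port named in the Sasser description
FANOUT_THRESHOLD = 20                      # assumed: distinct TCP/445 peers that count as scanning
WINDOW_SECONDS = 60                        # assumed: sliding window length

def build_sample_flows():
    """Constructed records: (epoch_seconds, initiator_ip, responder_ip, responder_port, proto)."""
    # One host sweeping 30 different addresses on TCP/445 within 30 seconds.
    flows = [(1000 + i, "10.0.0.5", f"198.51.100.{i + 1}", 445, "tcp") for i in range(30)]
    # A workstation talking repeatedly to a single file server on TCP/445 (benign).
    flows += [(1000 + 40 * i, "10.0.0.7", "10.0.0.2", 445, "tcp") for i in range(5)]
    flows += [(1010, "203.0.113.8", "10.0.0.9", 3127, "tcp"),  # inbound to the backdoor range
              (1020, "10.0.0.7", "192.0.2.10", 443, "tcp")]    # ordinary web traffic
    return flows

def find_backdoor_listeners(flows):
    """(host, port) pairs that accepted a TCP connection in the MyDoom backdoor range."""
    return sorted({(dst, port) for _, _, dst, port, proto in flows
                   if proto == "tcp" and port in MYDOOM_BACKDOOR_PORTS})

def find_445_scanners(flows, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Map initiator -> peak number of distinct TCP/445 peers inside any one window."""
    by_src = defaultdict(list)
    for ts, src, dst, port, proto in flows:
        if proto == "tcp" and port == SASSER_PORT:
            by_src[src].append((ts, dst))
    scanners = {}
    for src, events in by_src.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= threshold:
            scanners[src] = best
    return scanners

if __name__ == "__main__":
    sample = build_sample_flows()
    print("backdoor listeners:", find_backdoor_listeners(sample))
    print("TCP/445 scanners:", find_445_scanners(sample))
```

Counting distinct peers rather than total connections keeps a client that talks repeatedly to one file server from being flagged.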

The further history of computer viruses is closely intertwined with the history of malicious software as a whole. There are practically no unique creative discoveries in it; what is increasingly evident instead is the pursuit of easy profit by the attackers who use this software.