Which of the following vulnerabilities did the Blaster worm exploit on target hosts? (Select the best answer.)
A. a buffer overflow vulnerability in the DCOM RPC service
B. a buffer overflow vulnerability in IIS software
C. a buffer overflow vulnerability in Microsoft SQL Server
D. a remote code execution vulnerability in the printer spooler service
E. a remote code execution vulnerability in the processing of .lnk files
Explanation:
The Blaster worm exploited a buffer overflow vulnerability in the Distributed Component Object Model (DCOM)
Remote Procedure Call (RPC) service on Microsoft Windows hosts. The worm carried a destructive payload
that configured the target host to engage in Denial of Service (DoS) attacks on Microsoft update servers.
Before Microsoft released a patch, several other worms exploited the vulnerability. For example, the Welchia
worm targeted the same vulnerability. Welchia was developed to scan the network for vulnerable machines,
infect them, and then remove the Blaster worm if present. It was even designed to download and install the
appropriate patch from Microsoft to fix the vulnerability that it and Blaster initially exploited to infect the target
machine. However, despite the good-natured design intentions of the Welchia worm, its network-scanning
component inadvertently caused DoS attacks on several large networks, including those of the United States
armed forces.
Stuxnet is an example of a worm that exploited vulnerabilities in both the printer spooler service and the
processing of .lnk files. Stuxnet was used in an act of cyber warfare against Iranian industrial control systems
(ICSs). It was written to target specific ICSs by modifying code on programmable logic controllers (PLCs).
Stuxnet initially exploited vulnerabilities in the printer spooler service; however, later variants exploited a
vulnerability in the way that Windows processes shortcuts (.lnk files). Research from Symantec published in
2011 indicated that at the time, over 60 percent of the Stuxnet-affected hosts had been in Iran. Symantec
analyzed Stuxnet and its variants and discovered that five organizations were the primary targets of infection
and that further infections were likely collateral damage from the aggressive manner in which the worm spreads
throughout the network. Given the considerable cost in resources and man-hours that would have been required
to craft the Stuxnet worm, it was theorized that it was likely intended to sabotage high-value targets such as
nuclear materials refinement facilities.
SQL Slammer is an example of a worm that exploited a buffer overflow vulnerability in Microsoft Structured
Query Language (SQL) server software. SQL Slammer spread at a tremendous rate and was reported to have
infected as many as 12,000 servers per minute. Its high scanning rate generated enough traffic on many
networks to effectively produce DoS effects as collateral damage to the infection.
Code Red is an example of a worm that exploited a buffer overflow vulnerability in Microsoft Internet
Information Server (IIS) software. Although not as efficient as SQL Slammer, Code Red still managed to infect
as many as 2,000 hosts per minute. The initial Code Red variant failed to infect more than a single set of IP
addresses; however, a later variant was reported to have affected over 350,000 hosts within the first 14 hours
of its release into the wild.
Cisco: The Internet Protocol Journal: Trends in Viruses and Worms