DRAG DROP
You work as a network administrator at domain.com. Your boss, Mrs. Certkiller, is curious about Internet worms.
Match the characteristics with the proper worm.
Nimda is a computer worm, isolated in September 2001. It is also a file infector. It quickly spread, eclipsing the economic damage caused by past outbreaks such as Code Red.
Nimda affected both user workstations (clients) running Windows 95, 98, Me, NT, or 2000 and servers running Windows NT and 2000.
The worm’s name spelled backwards is “admin”.
Methods of infection
Nimda was so effective partially because it – unlike other famous malware like the Morris worm or Code Red – uses 5 different infection vectors:
via email
via open network shares
via browsing of compromised web sites
exploitation of various Microsoft IIS 4.0 / 5.0 directory traversal vulnerabilities
via back doors left behind by the “Code Red II” and “sadmind/IIS” worms

The Blaster worm (also known as Lovsan or Lovesan) was a computer worm that spread on computers running the Microsoft operating systems Windows XP and Windows 2000 during August 2003.
The worm was first noticed and started spreading in the wild on August 11. The rate at which it spread increased until the number of infections peaked on August 13. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster. The worm was programmed to start a SYN flood on August 15 against port 80 of windowsupdate.com, thereby creating a distributed denial of service (DDoS) attack against the site. The damage to Microsoft was minimal because the site targeted was windowsupdate.com rather than windowsupdate.microsoft.com, to which it was redirected. Microsoft temporarily shut down the targeted site to minimize potential effects from the worm.
The worm spread by exploiting a buffer overflow in the DCOM RPC service on the affected operating systems, for which a patch had been released one month earlier in MS03-026 and later in MS03-039.
The SQL slammer worm is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic, starting at 05:30 UTC on January 25, 2003. It spread rapidly, infecting most of its 75,000 victims within 10 minutes. Although titled “SQL slammer worm”, the program did not use the SQL language; it exploited two buffer overflow bugs in Microsoft’s flagship SQL server database product.
The Code Red worm was a computer worm released on the Internet on July 13, 2001. It attacked computers running Microsoft’s IIS web server. The most in-depth research on the worm was performed by the programmers at eEye Digital Security. They also gave the worm its name, a reference to a variety of Mountain Dew soft drink and the phrase “Hacked By Chinese!” with which the worm defaced websites. The worm exploited a vulnerability in the indexing software distributed with IIS, described in MS01-033, for which a patch had been available a month earlier.