Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I have been referred here to ask this question, so I am doing a research on comp

ID: 661812 • Letter: I

Question

I have been referred here to ask this question, so I am doing a research on computer worms, I have been through several sites and a few caught my attention, I have learnt that worms propagate through email, there are types such as XSS worm and most of them are written in scripting languages and some through c and c++ which aren't scripting languages.

My question is how is a worm made in c and c++ and is able to propel through the internet, does it use some sort of protocol, I am not sure where to begin and how worms target vulnerablities, I am looking for a small explanation and probably some sort of code that shows it exploiting a vulnerability.

Explanation / Answer

A good example of a self-propagating worm which targeted a specific vulnerability was Sasser which exploited a vulnerability in Windows to propagate.

The author of the Sasser worm was monitoring the updates Microsoft releases for Windows. One of them was fixing something Microsoft referred to as a "Critical Remote Code Execution Vulnerability", which for a malware author reads "$$$ JACKPOT! $$$". By downloading and examining the update he found out how exactly the bug worked.

Every Windows installation has a background program called "Local Security Authority Subsystem Service" (lsass.exe) which starts with the system and listens to port 445. Any other system on the internet can connect to this service. However, they can not do anything unless they send the correct login credentials, so this service is usually harmless. But Microsoft found and fixed a bug in this program: When you send a specifically crafted message to it, a buffer overflow will happen and parts of this message will be executed as a program.

So the author wrote a program which (grossly oversimplified):

1) connects to random IP addresses, port 445
2) sends the malicious message including its own code

Related Questions

I have been doing the setup costs as 66000 ÷ 370 × 57 and get 10168... but it sa
Question #2338220
I have been doing web-based Javascript (vanilla JS, jQuery, Backbone, etc.) for
Question #646921
I have been dreaming about owning one of those decked out golf carts for quite s
Question #2766487
I have been editing my code for a while now where it will finally display the in
Question #3591503
I have been educating myself recently about the SHA-2 hashing algorithm, and in
Question #648618
I have been evaluating functions and doing fine until I get tothis questions thi
Question #3091342
I have been getting many incorrect answers recently, if you are unsure please do
Question #2909775
I have been given a Drupal project from an external web agency and have been try
Question #651529
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
I have been referencing this website below to help me write this program in Java
Next
I have been researching on both open source software and off-the-shelf software

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.