billy gates why do you make this possible ?
Blaster, also known as MSblast, LovSAN and a few other names, was the first of a series of persistent worms using remotely-exploitable Windows vulnerabilities to spread. Microsoft first released the update for the vulnerability it used in July of 2003, and everyone knew the race was on to create a worm exploiting the flaw: a buffer overflow in the DCOM RPC procedures (RPC being a protocol for remote program calls over the network).
Blaster appeared first in August. The Chinese authors of the A variant built it by reverse-engineering the Windows patch. The executable contained many inexplicable and taunting statements, such as the one pictured here. Blaster was buggy and frequently caused system shutdowns.
Unusually for these things, the author of the B variant was caught. He was an 18-year-old from Minnesota and he received an 18-month prison sentence.
Sasser, the buggy botnet
MS04-011 was one of those "uh-oh" Patch Tuesday releases. Experts looked at CAN-2003-0533 ("a Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME") and immediately knew a worm was on its way.
Blaster had paved this trail months before and Sasser followed the script. By the end of the month that worm, Sasser, appeared on the scene. Sasser was also distinguished by its bugginess. It caused system shutdowns of the sort pictured here.
Just as with Blaster, the author of Sasser, an 18-year-old German, was caught. Because he was a minor when he wrote it, he was treated as one and received a suspended sentence.
Java applets, a rough grind
Believe it or not, when Java first appeared almost 20 years ago, security was one of its main points. How far it has fallen!
Java the language contains many features to make programming safer, but Java the environment for running those programs has proved buggy, leading to a large number of vulnerabilities and exploits, such as this one. After Adobe improved their security in Flash and Acrobat, Java became the leading target for malware writers seeking to exploit Windows and, on occasion, non-Windows users.
As with Flash and Acrobat, no one Java vulnerability stands out, but there have been so many that Java itself is considered a problem on Windows PCs, and many recommend that it be removed.
In fairness to Java, it is basically the use of Java applets in browsers which has proven impossible to secure. Server-side Java is much more secure and successful.