Sasser, the buggy botnet
MS04-011 was one of those "uh-oh" Patch Tuesday releases. Experts looked at CAN-2003-0533 ("a Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME") and immediately knew a worm was on its way.
Blaster had paved this trail months before and Sasser followed the script. By the end of the month that worm, Sasser, appeared on the scene. Sasser was also distinguished by its bugginess. It caused system shutdowns of the sort pictured here.
Just as with Blaster, the author of Sasser, an 18-year-old German, was caught. Because he was a minor when he wrote it, he was treated as one and received a suspended sentence.
Java applets, a rough grind
Believe it or not, when Java first appeared almost 20 years ago, security was one of its main points. How far it has fallen!
Java the language contains many features to make programming safer, but Java the environment for running those programs has proved buggy, leading to a large number of vulnerabilities and exploits, such as this one. After Adobe improved their security in Flash and Acrobat, Java became the leading target for malware writers seeking to exploit Windows and, on occasion, non-Windows users.
As with Flash and Acrobat, no one Java vulnerability stands out, but there have been so many that Java itself is considered a problem on Windows PCs, and many recommend that it be removed.
In fairness to Java, it is basically the use of Java applets in browsers that has proven impossible to secure. Server-side Java is much more secure and successful.
Welchia: Just trying to help
Welchia is what they call a "helpful" worm. Instead of attacking, it attempts to download and install missing Windows security patches. What a great idea! What could possibly go wrong? go wrong? go wrong?
Because of the way the worm spread and the way it did its updates, it caused traffic storms on company networks as systems all pulled updates and communicated at the same time. Removal was a manual business, costing IT departments lots of time.
Welchia contains and displays many messages, including the ones displayed here, alluding to Japanese involvement in World War II.