| 词条 | Welchia |
| 释义 |
This worm infected systems by exploiting vulnerabilities in Microsoft Windows system code (TFTPD.EXE and TCP on ports 666–765, and a buffer overflow of the RPC on port 135). Its method of infection is to create a remote shell and instruct the system to download the worm using TFTP.EXE. Specifically, the Welchia worm targeted machines running Windows XP. The worm used ICMP, and in some instances flooded networks with enough ICMP traffic to cause problems.[2] Once on the system, the worm patches the vulnerability it used to gain access (thereby actually securing the system against other attempts to exploit the same method of intrusion) and run its payload, a series of Microsoft patches. It then attempts to remove the Blaster Worm by deleting MSBLAST.EXE. If still in the system, the worm is programmed to self-remove on January 1, 2004, or after 120 days of processing, whichever comes first. In September 2003, the worm was discovered on the US State Department's computer network, causing them to shut down their network for 9 hours for remediation.[3] See also{{Portal|Computer security}}
References1. ^{{cite web |url=https://www.giac.org/paper/gcih/517/welchia-worm/105720 |last=Bransford |first=Gene |title=The Welchia Worm |date=2003-12-18 |website=Global Information Assurance Certification |publisher=SANS Institute |access-date=2018-11-03}} 2. ^{{cite news |last=Naraine |first=Ryan |title='Friendly' Welchia Worm Wreaking Havoc |url=http://www.internetnews.com/ent-news/article.php/3065761/Friendly+Welchia+Worm+Wreaking+Havoc.htm |access-date=2018-11-03 |publisher=InternetNews.com |date=2003-08-19}} 3. ^{{cite news |url=http://www.cnn.com/2003/TECH/internet/09/24/state.dept.virus/index.html |title='Welchia worm' hits U.S. State Dept. network |first=Elise |last=Labott |date=2003-09-24 |publisher=CNN |access-date=2018-11-03}} External links
2 : Exploit-based worms|Computer worms |
| 随便看 |
|
开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。