Blaster worm: Difference between revisions
Neversay.misher (talk | contribs)
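Revision as of 04:11, 28 December 2006 (Thursday)
The Blaster worm (Worm.Blaster or Lovesan) is a computer worm that spread on the Microsoft operating systems Windows XP and Windows 2000. The outbreak occurred in August 2003.
The worm was first noticed, and began spreading like wildfire, on August 11, 2003. It kept replicating and infecting systems until it peaked on August 13, after which ISPs and remedies circulated online stopped its spread.
On August 29, 2003, Jeffrey Lee Parson, an 18-year-old from Minnesota, was arrested for creating the Blaster.B variant; in 2005 he was sentenced to 18 months in prison.
Effects
The worm attempted to launch a SYN flood on August 15 against port 80 of windowsupdate.com, mounting a distributed denial-of-service (DDoS) attack against the site. Because the worm targeted windowsupdate.com (a Microsoft redirect site) rather than windowsupdate.microsoft.com (the actual Windows Update site), Microsoft temporarily shut the site down to reduce the worm's possible impact.
The worm spreads on affected operating systems through a buffer overflow vulnerability in DCOM Remote Procedure Call (RPC). The patch for this vulnerability had already been published a month earlier, in MS03-026 and MS03-039.
The worm hides two messages in its code. The first is: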
I just want to say LOVE YOU SAN!!
Because of this phrase, the worm is also known as the Lovesan worm.
The second:
billy gates why do you make this possible ? Stop making money and fix your software!!
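is a message to Bill Gates, the founder of Microsoft and the target of the worm.
Signs of infection
Although the worm can only propagate on Windows 2000 and XP, it can also cause instability on operating systems that run RPC, such as Windows NT, Windows XP (64 bit) and Windows Server 2003. Once the worm detects a network connection (whether dial-up or broadband), it makes the system unstable, displays the following message, and reboots the machine within one minute: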
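The two embedded messages quoted above make a simple static indicator for triage. The following Python sketch is an added example, not part of the original article or of any vendor tool: it scans a binary stream for both strings in ASCII and UTF-16LE and reports their offsets. The function names and the sample bytes are constructed for illustration, and a hit is only a weak indicator, since any file that quotes the strings will also match.

```python
import io

# The two messages the article says are embedded in the worm's code.
MARKERS = {
    "lovesan": "I just want to say LOVE YOU SAN!!",
    "billy": ("billy gates why do you make this possible ? "
              "Stop making money and fix your software!!"),
}

def _patterns():
    """Yield each marker as raw ASCII and as UTF-16LE bytes."""
    for name, text in MARKERS.items():
        yield name, "ascii", text.encode("ascii")
        yield name, "utf-16le", text.encode("utf-16-le")

def scan_stream(stream, chunk_size=64 * 1024):
    """Return sorted (marker, encoding, offset) hits found in a binary stream."""
    pats = list(_patterns())
    overlap = max(len(p) for _, _, p in pats) - 1
    hits, tail, base = set(), b"", 0  # base = stream offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for name, enc, pat in pats:
            pos = buf.find(pat)
            while pos != -1:
                hits.add((name, enc, base + pos))  # set: overlap re-finds dedupe
                pos = buf.find(pat, pos + 1)
        # Keep the last `overlap` bytes so a marker split across chunks is seen.
        keep = min(overlap, len(buf))
        base += len(buf) - keep
        tail = buf[-keep:] if keep else b""
    return sorted(hits)

def scan_file(path):
    """Scan a file on disk (hypothetical helper; opens read-only in binary mode)."""
    with open(path, "rb") as fh:
        return scan_stream(fh)

if __name__ == "__main__":
    # Constructed sample: padding around the markers, not a real binary.
    sample = (b"\x00" * 100 + MARKERS["lovesan"].encode("ascii")
              + b"\x90" * 50 + MARKERS["billy"].encode("utf-16-le"))
    for hit in scan_stream(io.BytesIO(sample), chunk_size=32):
        print(hit)
```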
Windows must now restart because the Remote Procedure Call (RPC) Service terminated unexpectedly.
Workaround
This error message and the Windows restart can be avoided by changing the properties of the Shutdown service, buying an infected user enough time to remove the virus from their system and install a patch removing the vulnerability. The procedure is done as follows:
- Go to Start->Run
- Type "services.msc" and press Enter
- Find the "Remote Procedure Call" service (not RPC Locator), right-click, and select Properties
- Select the Recovery tab, and set all failure actions to "Take no Action"
- Select OK
Because the Remote Procedure Call is an integral part of Windows, the failure actions should be reset to "Restart the Computer" as soon as the Blaster worm is removed.
Another method to stop the computer from restarting is as follows:
- Go to Start->Run
- Type "shutdown -a" and press Enter
If run as an Administrator, this will stop the reboot (-a stands for "Abort").
The above procedure must be done within the time limit displayed in the shutdown notice. The "shutdown.exe" file is not available within Windows 2000 unless you extract it from the Windows 2000 resource kit.
Additionally, systems running the Open Software Foundation's Distributed Computing Environment (DCE) can be affected by traffic generated by the worm. Packets generated by the worm can cause DCE to crash, resulting in a denial of service of DCE.
A rule of thumb for users of Microsoft Windows is to stay vigilant about keeping up to date with updates from Microsoft, as well as with anti-virus software. Windows Update is especially crucial because malware such as Blaster is often built on vulnerabilities that recent software patches already address, in the hope that many users are not yet fully protected.
Trivia
After close examination of Blaster's code, researchers found Parson's name embedded in the source code, and the police arrested him as a result. [citation needed]