Shock wave inside
Author: Glen Tingquan
Time: 2003-07-21 AMs: Flashsky
Found MS Windows 2000 RPC Denial and Local Permissions Enhanced Vulnerabilities and provides a complete test code (see attached 1).
Time: 2003-07-21
Microsoft implemented the vulnerability and released the vulnerability: MS03-026: RPC interface arbitrary code can be executed
Time: 2003-07-22
Microsoft released patches for this vulnerability
http://www.microsoft.com/china/technet/security/bulletin/ms03-026.asp
Time: 2003-07-25 09:13 Characters: Flashsky
An article published in a well-known Forum in China published an article of LSD RPC overflow analysis, which announced the code to implement RPC overflow vulnerabilities, and detailed the basic principle (full text).
Time: 2003-07-25 to 2003-07-28
In this forum, the heroes of the road have modified the code provided by Flashsky.
Time: 2003-8-2 Discovery: Worm.SDBOTRPC "Rumet" virus
Using the RPC's Vulnerability Attack Network, the attack code is sent to the port listening to the RPC system service on the remote system, resulting in a remote system to crash using the RPC service or system.
Time: 2003-8-8 Discovery: Worm.Autorooter virus written in VB programming language
Time: 2003-8-10 Discovered the famous impact wave (Worm.Blaster) virus
Time: 2003-08-15 US media statement: "shock wave" virus is suspected of causing big power outages
http://www.duba.net/c/2003/08/15/89250.shtml
Time: 2003-08-18 There is a benign worm with insects, I don't know the name of the virus, first borrow the online name worm 2004, the virus also passes the computer, worm infection in the network through the RPC vulnerability After the system, the impact wave virus in the system is automatically cleared, and then according to the system language version is Simplified Chinese, traditional Chinese, Korean, English, and the system are Windows 2000 or Windows XP to download the corresponding MS03-026 patch to Microsoft Site, and can detect the system Time, if the system time is 2004, it automatically clears itself.
Time: 2003-8-20 Person: peipei
Worm 2004 The author appeared in a famous forum and announced the original code (see Annex 3), the full text is as follows: