Bugs. Blaster virus broke out all over the world in August 2003, 12. Because the virus is spread by using system vulnerabilities, all unpatched computer users will be infected with the virus, causing the computer to restart the system and unable to surf the Internet normally.
On may 1 day, 2004, the virus "worm". Sasser appears in the network, and the virus also spreads through system vulnerabilities. The computer infected with the virus will restart the system repeatedly, and the machine will run slowly and an abnormal error box will appear.
Four main differences between two kinds of malignant viruses:
First, the merits are different. Bugs. Blaster virus exploits the RPC vulnerability of the system. When a virus attacks the system, it will crash the RPC service, which is a remote procedure calling protocol used by the Windows operating system. Bugs. Sasser virus uses the LSASS service of the system, which is the local security authentication subsystem service used by the operating system.
Second, the generated files are different. Be a bug. When the Blaster virus runs, a process named msblast.exe will be generated in the memory, and a virus file named msblast.exe will be generated in the system directory. Be a bug. When the Sasser virus runs, a process named avserve.exe will be generated in the memory and a virus file named avserve.exe will be generated in the system directory.
Third, bugs. Blaster viruses from different ports will listen to port 69, simulate a TFTP server, and start an attack propagation thread, constantly generating attack addresses randomly, trying to spread through port 135 with RPC vulnerabilities. Bugs. Sasser virus will open a back door locally, listen to TCP port 5554, and then wait for the remote control command as an FTP server, frantically trying to connect to port 445.
Fourth, the targets are different. Bugs. Blaster virus attacks all computers with RPC vulnerabilities and Microsoft upgrade websites, while worms. Sasser virus attacks all computers with LSASS vulnerabilities, but so far no attacks on other websites have been found.