Solved

Initial a Process over the Network in Memory

Posted on 2001-07-30
3
183 Views
Last Modified: 2010-04-06
Hi,
I read the advisory from the Code Red Worm and I wonder how could a Executeable create a Process over the Network in an other Computers Memory (in Delphi)?

Cheers Micha
0
Comment
Question by:PROGRAMMING030999
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Accepted Solution

by:
rondi earned 300 total points
ID: 6336929
Symantec says:

>The CodeRed Worm affects Microsoft Index Server 2.0 and >the Windows 2000 Indexing service on computers running >Microsoft Windows NT 4.0 and Windows 2000 that run
>IIS 4.0 and 5.0 Web servers. The worm uses a known buffer
>overflow vulnerability contained in the file Idq.dll...

>The worm sends its code as an HTTP request. The HTTP >request exploits a known buffer-overflow vulnerability, >which allows the worm to run on your computer. The >malicious code is not saved as a file, but is inserted >into and then run directly from memory...

I have no idea how the worm gets code encoded as an
HTTP request to be loaded into memory as executable code.
It's pretty smart, though.

Without knowing the internal workings of IIS's DLLs, I think it'd be pretty difficult to create a remote process
without using some other existing 'listener' on the remote
machine to instantiate the process.

rondi
0
 
LVL 26

Expert Comment

by:Russell Libby
ID: 8734998
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept rondi's comment as answer

Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
Thank you,
Russell

EE Cleanup Volunteer
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever had your Delphi form/application just hanging while waiting for data to load? This is the article to read if you want to learn some things about adding threads for data loading in the background. First, I'll setup a general applica…
Introduction I have seen many questions in this Delphi topic area where queries in threads are needed or suggested. I know bumped into a similar need. This article will address some of the concepts when dealing with a multithreaded delphi database…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question