n3mesis
Dec 30 2003, 12:12 PM
As we all know, the MSBlaster worm created havoc and destruction throughout the world, and forced Microsoft to take such a drastic measure to avoid the imposing threat. However the MSBlaster worm was all but perfect, and caused many computers to show obvious symptoms, that ultimately caused its downfall. If MSBlast didn't crash a system, or make it so obvious that it was present on a computer then its attack on Microsoft would've been that much deadlier, and if it had been pointing in the right direction then it could have caused havoc.
What I am asking is would it be possible to re-write the msblaster virus to make it more stable, using a new exploit and completely new code? I don't want to make such a virus, but it would be interesting to know.
zero-maitimax
Dec 30 2003, 12:38 PM
If that was true they would still notice that there is something wrong with the RPC connection. I mean, if about 1000 computers connected on that port you will notice it.
Btw, the exploit was already noticed by Microsoft; they have known about it since 29 November 2002.
You can rewrite it but it doesn't help; you need to find a new exploit that people don't know about.
But then, I mean, AV computers/servers are on the internet scanning and looking at their own PC to see if something has changed; if that happened they will notice it.
And firewalls, they detect if somebody is connecting on that port, so...
I think it would have to be like the Code Red worm, but then without being noticed, plus the exploit isn't public or noticed. Then you could hack the world without anybody noticing.
s0v1v1d
Dec 30 2003, 12:55 PM
I have seen several recodes of the DCE-RPC exploit that do not crash RPC, but it's still typical of worms to DoS the infected machine and thus arouse suspicion.
FireAlwaysWorks
Dec 30 2003, 04:32 PM
The downfall of Blaster wasn't the implementation of the worm. Well, I guess it could have been multi-headed. Regardless, the reason why Blaster (am I the only one that thinks that is a horrible name) wasn't more damaging was because of ISPs blocking the ports that are vulnerable. Also, another problem with worms is that good versions come out, where the payload is a cure. The first time we saw that was with a Linux worm, can't remember the name. Now M$03-043, that's a different story, it opens a random port starting at 1025-65535. You can't block all user-level UDP ports. Now that worm is going to be a bitch. Let's hope that it is multi-headed. I also really want an advanced polymorph virus, I mean I have read multiple papers on this subject and there are plenty of open source PE crypters out there. Also use a polymorph shell code, that isn't asking too much, even I have asm and how-tos for that.
KILL BILL
VorteX
Dec 30 2003, 05:58 PM
| QUOTE |
| What I am asking is would it be possible to re-write the msblaster virus to make it more stable, using a new exploit and completely new code? |
Wouldn't this mean you just create a new worm?!!
Anyway, there were worms before, like Slammer, Code Red etc., and in the future there will also be this kinda malware. It isn't difficult to write your own worm using the same exploit as MSBlaster. I for instance have some anti-MSBlaster worms exploiting the same hole, but patching the system and deleting itself after a few days, and they were stable and spreading faster than MSBlaster itself, but for security measures they were only released on LANs, and limited to spread within one subnet, as the bandwidth taken by the real worm was already slowing down the internet a lot.
AdmiralB
Dec 31 2003, 12:41 AM
Creating a virus is very difficult. Few people have the time, even fewer have the talent, and those that have may get into trouble.
The MSBlaster virus uses an exploit which is discovered, so if u use it again it would prove useless or worst off be warned.
The other viruses that use difficult ports, well, those are different, but then again if they are discovered I am sure a solution has been found.
So to create a new worm is intensely difficult, but if u can do it no 1 will stop u.
Yorn
Jan 2 2004, 05:54 AM
The answer is yes, a better worm could be written, but ISPs and routers could be set to blacklist an IP if it was trying multiple ports of the same IP. It'd be relatively easy to do, and I don't think anyone would bother creating such a virus. But there are tons of machines out there that can still be exploited by RPC simply 'cause they don't update.
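The blacklist rule described in the post above, as an added Python example that is not part of the thread: it flags a source address that connects to more than a threshold number of distinct ports on one destination inside a sliding time window. The flow-record layout, the function name `find_port_probers`, the thresholds and the sample addresses (RFC 5737 documentation ranges) are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    (0, "198.51.100.7", "192.0.2.10", 135),
    (1, "198.51.100.7", "192.0.2.10", 139),
    (2, "198.51.100.7", "192.0.2.10", 445),
    (2, "203.0.113.5", "192.0.2.10", 80),    # ordinary web client
    (3, "198.51.100.7", "192.0.2.10", 1025),
    (4, "198.51.100.7", "192.0.2.10", 1026),
    (5, "203.0.113.5", "192.0.2.10", 80),
    (90, "203.0.113.9", "192.0.2.10", 135),  # connections minutes apart
    (200, "203.0.113.9", "192.0.2.10", 139),
    (400, "203.0.113.9", "192.0.2.10", 445),
]


def find_port_probers(flows, max_ports=4, window=60):
    """Return {src_ip: trigger_time} for sources that touch more than
    `max_ports` distinct ports on one destination within `window` seconds."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (time, port)
    blacklist = {}
    for ts, src, dst, port in sorted(flows):
        if src in blacklist:
            continue  # already blocked, nothing more to track
        events = recent[(src, dst)]
        events.append((ts, port))
        # Expire events that have fallen out of the sliding window.
        while events and ts - events[0][0] > window:
            events.popleft()
        if len({p for _, p in events}) > max_ports:
            blacklist[src] = ts
    return blacklist


if __name__ == "__main__":
    for ip, when in find_port_probers(SAMPLE_FLOWS).items():
        print(f"blacklist {ip} (threshold crossed at t={when})")
```

With the default 60-second window only 198.51.100.7 is listed; the window and port threshold decide what the rule sees, so both need tuning against real traffic.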
vnet576
Jan 2 2004, 05:03 PM
That's why Nimda in its time was so dangerous and powerful... it used Unicode, and neither ISPs nor routers could block port 80. That's why I find it strange that there wasn't a bigger worm for WebDAV. That used MSIIS (port 80) and at its peak millions of computers were vulnerable for WebDAV. Considering that the only way to block worms of that sort is by patching, it would be very hard to secure global networks at a fast pace.