Network viruses
A network virus is a self-contained program (or set of programs) that can spread copies of itself or its segments across networks, including the Internet. Propagation often takes place via shared resources, such as shared drives and folders, or other network ports and services. Network viruses are not limited to the usual form of files or email attachments, but can also be resident in a computer's memory space alone (often referred to as memory-only worms).
In many cases, network viruses exploit vulnerabilities in the operating system or other installed programs. Some network viruses spread via ports used by legitimate services, such as port 80 (HTTP), 1434 (SQL), or 135 (DCOM RPC).
Once a network virus infects a new system, it often searches the network for other vulnerable systems. When it finds one, it attempts to infect that system as well.
Some network viruses also have payloads, such as denial of service (DoS) attacks. When such an attack is carried out, infected computers attempt to overwhelm the target system until it is unable to function properly. Example: The MSBlast virus carried out a denial of service attack against the URL windowsupdate.com.
The most notorious network viruses are CodeRed, Nimda, SQLSlammer, and MSBlast.
CodeRed spreads as a series of packets in system memory via network port 80 (HTTP) by exploiting a vulnerability (MS01-033) in Microsoft IIS (Internet Information Services).
Nimda spreads via network port 80 (HTTP) by exploiting a vulnerability (MS00-078) in Microsoft IIS (Internet Information Services). Nimda is considered a blended threat, since it also has the ability to spread itself across the network via shared drives and email attachments.
SQLSlammer spreads as a series of packets in system memory via UDP network port 1434 (SQL) by exploiting a vulnerability in Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE).
MSBlast spreads via network port 135 (DCOM RPC) by exploiting a vulnerability in the Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. It also uses several other network ports (UDP 69, TCP 4444) during its propagation.
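The target-searching behaviour described above shows up in flow logs as one source contacting many distinct hosts on a single service port within a short time. The following Python detector is an added example, not part of the original page; the flow-record format, the find_scanners name, the window and threshold values, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# (protocol, port) pairs the page names: HTTP, SQL, DCOM RPC, plus MSBlast's UDP 69 / TCP 4444.
WATCHED = {("tcp", 80), ("udp", 1434), ("tcp", 135), ("udp", 69), ("tcp", 4444)}

# Constructed sample flow records "epoch_seconds src dst proto dport";
# addresses are documentation ranges, none of this is real traffic.
SAMPLE_FLOWS = [f"{1000 + i} 192.0.2.10 198.51.100.{i} udp 1434" for i in range(1, 41)]
SAMPLE_FLOWS += [
    "1003 192.0.2.20 198.51.100.5 tcp 80",    # single web request: normal
    "1005 192.0.2.30 198.51.100.7 tcp 135",
    "1006 192.0.2.30 198.51.100.8 tcp 135",
    "1007 192.0.2.10 198.51.100.9 tcp 443",   # port not on the watch list
    "malformed line",
]

def find_scanners(lines, window=60, threshold=20):
    """Return {(src, proto, port): peak distinct destinations in any window} for
    sources that reached `threshold` distinct hosts on a watched port."""
    events = defaultdict(list)  # (src, proto, port) -> [(ts, dst), ...]
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit() or not parts[4].isdigit():
            continue  # skip records that do not parse
        ts, src, dst = int(parts[0]), parts[1], parts[2]
        proto, port = parts[3].lower(), int(parts[4])
        if (proto, port) in WATCHED:
            events[(src, proto, port)].append((ts, dst))
    hits = {}
    for key, seen in events.items():
        seen.sort()
        start, best = 0, 0
        counts = defaultdict(int)  # dst -> flows inside the current window
        for ts, dst in seen:
            counts[dst] += 1
            while seen[start][0] <= ts - window:  # expire flows older than the window
                old = seen[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= threshold:
            hits[key] = best
    return hits

if __name__ == "__main__":
    for (src, proto, port), n in find_scanners(SAMPLE_FLOWS).items():
        print(f"{src} contacted {n} distinct hosts on {proto}/{port} within 60 s")
```

Port 80 carries a large volume of legitimate traffic, so the threshold for that port usually needs tuning against a baseline of normal client behaviour.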
