Description and Impact:
Worm.Blaster exploits the Windows DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. If successful, it downloads and runs a file, msblast.exe, and alters the Windows registry to run this file at startup. The worm has no mass-mailing functionality. It then tries to send itself to other systems, spreading by exploiting the same DCOM vulnerability.
The worm also attempts to perform a Denial of Service (DoS) attack on the Microsoft Windows Update Web server (www.windowsupdate.com). This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.
Also Known As: Worm.Blaster.Worm [Symantec], W32/Lovsan.worm [McAfee], Win32.Poza [CA], Lovsan [F-Secure], WORM_MSBLAST.A [Trend], W32/Blaster-A [Sophos], W32/Blaster [Panda], Worm.Win32.Lovesan [KAV]
Type: Worm
Infection Length: 6,176 bytes
Systems Affected: Microsoft® Windows NT® 4.0 / Microsoft Windows® 2000 / Microsoft Windows XP / Microsoft Windows Server™ 2003
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 95, Windows 98, Windows Me
How to Tell If Your Computer Is Infected:
While some customers may not notice the presence of the worm infection at all on their computer systems, typical symptoms may include Windows XP and Windows Server 2003 systems rebooting every few minutes without user input or Windows NT 4.0 and Windows 2000 systems becoming unresponsive.
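The spreading behaviour described above (attempts against other systems on TCP port 135) can also be spotted from connection logs; the following is an added example, not Rising's code, that flags hosts contacting many distinct addresses on that port. The log format, the IP addresses and the threshold of five targets are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example, not from any product):
#   2003-08-12 10:00:01 DENY TCP 10.0.0.5:1031 -> 10.0.1.1:135
LINE_RE = re.compile(
    r"^\S+ \S+ \w+ TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def build_sample_log():
    """Return constructed sample log text covering three kinds of host."""
    lines = []
    for i in range(1, 7):  # 10.0.0.5 tries six different hosts on TCP 135
        lines.append(
            f"2003-08-12 10:00:{i:02d} DENY TCP 10.0.0.5:{1030 + i} -> 10.0.1.{i}:135"
        )
    for i in range(1, 4):  # 10.0.0.9 talks to one server on 135, repeatedly
        lines.append(
            f"2003-08-12 10:01:{i:02d} ALLOW TCP 10.0.0.9:{2000 + i} -> 10.0.2.10:135"
        )
    for i in range(1, 9):  # 10.0.0.7 browses eight web servers on port 80
        lines.append(
            f"2003-08-12 10:02:{i:02d} ALLOW TCP 10.0.0.7:{3000 + i} -> 10.0.3.{i}:80"
        )
    lines.append("malformed entry that the parser must skip")
    return "\n".join(lines)


def find_rpc_scanners(log_text, port=135, min_targets=5):
    """Map source IP -> number of distinct destinations contacted on `port`,
    keeping only sources that reached at least `min_targets` destinations."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or int(m["dport"]) != port:
            continue
        # Blocked attempts count too: the attempt itself is the signal.
        targets[m["src"]].add(m["dst"])
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    for src, count in find_rpc_scanners(build_sample_log()).items():
        print(f"{src} contacted {count} distinct hosts on TCP 135")
```

A host flagged this way is a candidate for the msblast.exe and startup-entry checks described on this page, not proof of infection on its own.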
Prevention and Removal: Virus definitions released on August 12, 2003 will detect this worm. Rising Anti-virus Groups has also developed a removal tool to clean infections of Worm.Blaster.
But you MUST apply the patches available from the link below to prevent re-infection.
More information about the Microsoft vulnerability and operating system patch information is available in Microsoft Security Bulletin MS03-026.
Download and install the Windows security update (LINKS TO THIRD PARTY SITES):
LINKS TO THIRD PARTY SITES
RISING IS PROVIDING THESE LINKS TO YOU ONLY AS
A CONVENIENCE, AND THE INCLUSION OF ANY LINK DOES NOT IMPLY ENDORSEMENT
BY RISING OF THE SITE. THE LINKS WILL LET YOU LEAVE RISING'S SITE.
THE LINKED SITES ARE NOT UNDER THE CONTROL OF RISING AND RISING
IS NOT RESPONSIBLE FOR THE CONTENTS OF ANY LINKED SITE OR ANY LINK
CONTAINED IN A LINKED SITE, OR ANY CHANGES OR UPDATES TO SUCH SITES.
RISING IS NOT RESPONSIBLE FOR WEBCASTING OR ANY OTHER FORM OF TRANSMISSION
RECEIVED FROM ANY LINKED SITE.