W32/Blaster Alert!

(Aug 12, 2003) From Sophos Website: W32/Blaster-A is a worm that scans networks looking for computers vulnerable to Microsoft’s DCOM RPC security exploit.

On finding a suitable victim the worm causes the remote machine to acquire a copy of the worm using TFTP, which is saved as msblast.exe in the Windows system folder.

Additionally the worm creates the following registry entry so as to run on system start:
HKLMSoftwareMicrosoftWindows CurrentVersionRunwindows auto update

After August 15 the worm will launch a distributed denial-of-service attack on windowsupdate.com

These are the links for countering this threat:

DCOM ISS Scanner
DCOM Cleaner for Infected Boxes
Microsoft Bulletin
Download the Patch from our ftp server

Leave a Reply

Your email address will not be published.

Enter Captcha Here : *

Reload Image