WoodiE
Kind of good admin
Administrator
I know a lot of you guys on here either use the computer a lot or working with computers is your everyday job, so I think the info below could be of some use to you.
Aliases
W32/Lovsan.worm, W32.Blaster.Worm, WORM_MSBLAST.A, Win32.Poza, Worm/Lovsan.A
Type
Win32 worm
Description
W32/Blaster-A is a worm that uses the internet to exploit the DCOM vulnerability in the RPC (Remote Procedure Call) service. The DCOM vulnerability was first reported by Microsoft in mid-July. This worm does not use email to spread.
Targeted computers include the following Microsoft operating systems:
Windows NT 4.0
Windows NT 4.0 Terminal Services Edition
Windows XP
Windows Server 2003
(On Windows XP the exploit can accidentally cause the remote RPC service to terminate. This causes the Windows XP machine to reboot).
Windows 95/98/Me computers, which don't run an RPC service or have a TFTP client (default setting), are not at risk.
On finding a vulnerable computer system, the worm causes the remote machine to acquire a copy of the worm using TFTP, which is saved as msblast.exe in the Windows system folder.
Microsoft issued a patch for the vulnerability exploited by this worm on July 16, 2003. The patch is available from http://www.microsoft.com/technet/security/bulletin/MS03-026.asp.
From 16 August 2003, one month after the security patch was posted, the worm is programmed to launch a distributed denial-of-service attack on windowsupdate.com, which may severely impact access to the website Microsoft uses to distribute security patches.
Additionally the worm creates the following registry entry so as to run on system start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\windows auto update
The worm contains the following text, which does not get displayed:
I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!
I came into work this afternoon and more than 80% of the computers here at the shop are here because of this virus, and the computers continue to keep coming in along with the endless amount of phone calls.
Update now if you haven't already!
-Michael
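An added example, not part of the post or the advisory it quotes: a small triage script that checks saved `reg query` output for the Run key and a file listing of the Windows system folder against the two indicators named above. The function names, the sample output, and the value data `msblast.exe` in the sample are constructed for illustration.

```python
import re

# Indicators named in the advisory quoted in the post above.
RUN_VALUE_NAME = "windows auto update"
WORM_FILE_NAME = "msblast.exe"

# A value line of `reg query` output: indented name, REG_* type, data.
# Columns are separated by a tab or a run of spaces, depending on Windows version.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)(?:\t|\s{2,})(?P<type>REG_[A-Z_]+)"
    r"(?:(?:\t|\s{2,})(?P<data>.*))?$"
)

# Constructed sample output (not captured from a real machine).
RUN_KEY = "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
SAMPLE_CLEAN = RUN_KEY + "    SampleTray    REG_SZ    C:\\Program Files\\Sample\\tray.exe\n"
SAMPLE_INFECTED = SAMPLE_CLEAN + "    windows auto update    REG_SZ    msblast.exe\n"


def parse_run_values(reg_output):
    """Return {value name: data} for each value line; key headers are skipped."""
    values = {}
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name").strip()] = (m.group("data") or "").strip()
    return values


def blaster_findings(reg_output, system_files=()):
    """List indicator hits from the Run key text and system-folder file names."""
    findings = []
    for name, data in parse_run_values(reg_output).items():
        if name.lower() == RUN_VALUE_NAME:
            findings.append(f"Run value '{name}' present (data: {data})")
        elif WORM_FILE_NAME in data.lower():
            # Same file launched under a different value name.
            findings.append(f"Run value '{name}' launches {WORM_FILE_NAME}")
    for filename in system_files:
        if filename.lower() == WORM_FILE_NAME:
            findings.append(f"{filename} found in the Windows system folder")
    return findings


if __name__ == "__main__":
    for finding in blaster_findings(SAMPLE_INFECTED, ["kernel32.dll", "MSBLAST.EXE"]):
        print(finding)
```

A hit on either indicator means the machine still needs the MS03-026 patch after cleanup, since removing the file and Run value alone leaves it open to reinfection.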