Devilfrank
Sehr aktiv
W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run the file Msblast.exe.
You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applicaitons listed:
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"
The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch you computer against the DCOM RPC vulnerability.
Click here for more information on the vulnerability being exploited by this worm and to find out which Symantec products can help mitigate risk from this vulnerability.
NOTE: This threat will be detected by virus definitions having:
Defs Version: 50811s
Sequence Number: 24254
Extended Version: 8/11/2003 rev. 19
Also Known As: W32/Lovsan.worm [McAfee]
Type: Worm
Infection Length: 6,176 bytes
Systems Affected: Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX
CVE References: CAN-2003-0352
http://securityresponse.symantec.com/avcen...aster.worm.html
Symantec reagiert mit LiveUpdate.
You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applicaitons listed:
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"
The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch you computer against the DCOM RPC vulnerability.
Click here for more information on the vulnerability being exploited by this worm and to find out which Symantec products can help mitigate risk from this vulnerability.
NOTE: This threat will be detected by virus definitions having:
Defs Version: 50811s
Sequence Number: 24254
Extended Version: 8/11/2003 rev. 19
Also Known As: W32/Lovsan.worm [McAfee]
Type: Worm
Infection Length: 6,176 bytes
Systems Affected: Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX
CVE References: CAN-2003-0352
http://securityresponse.symantec.com/avcen...aster.worm.html
Symantec reagiert mit LiveUpdate.