Blaster - RPC DCOM worm hits the net
A malicious worm that exploits last month's RPC DCOM vulnerability struck the Internet Monday afternoon, targeting unpatched Windows 2000 and Windows XP machines.
The worm, dubbed "Blaster" and "LovSan" by security and anti-virus companies, attacks vulnerable machines over TCP port 135, then spawns a shell and initiates a TFTP file transfer to retrieve the worm's code.
The worm apparently has no malicious payload, but is reportedly crashing some PCs as it attempts to infect them. Additionally, according to an analysis from Symantec's DeepSight Threat Management System, the malware is programmed to launch a denial-of-service attack against Microsoft's windowsupdate.com site on August 16th.
- Press Release: World's First RPC Worm Found - Experts Forecast Large-Scale Infections (12 August 2003)
- Press Release: Internet Virus Alert: Central Command Warns Of New RPC Computer Worm Named Worm/Lovsan.A (12 August 2003)
- Press Release: Blaster Worm Exploits Microsoft Security Hole And Launches Attack On Update Website, Warns Sophos (12 August 2003)
- Virus News: Panda Software Alerts on New Worm W32/Blaster (12 August 2003)
- Advisory: Buffer Overrun In RPC Interface Could Allow Code Execution (17 July 2003)