|
|
Rubrik: Virenwarnung/Aktuelle Meldungen Symantec:
W32.Blaster.Worm Discovered on: August 11, 2003 This
worm will attempt to download and run the Msblast.exe file (12.08.03)
- Based on the number of submissions received from customers and based on
information from the Symantec's Deepsight Threat Management System, Symantec
Security Response has upgraded this threat to a Category 4 from a Category 3
threat.
Anzeige
W32.Blaster.Worm
is a worm that will exploit the DCOM RPC vulnerability (described in
Microsoft Security Bulletin MS03-026) using TCP port 135. This worm will
attempt to download and run the Msblast.exe file. Block access to TCP port 4444 at the firewall level, and then block
the following ports, if they do not use the applications listed: TCP Port 135,
"DCOM RPC" UDP Port 69,
"TFTP" The worm
also attempts to perform a Denial of Service (DoS) on windowsupdate.com. This
is an attempt to prevent you from applying a patch on your computer against
the DCOM RPC vulnerability. NOTE: This threat will be detected by virus definitions having:
·
Defs
Version: 50811s
·
Sequence
Number: 24254
·
Extended
Version: 8/11/2003, rev. 19 Symantec
Security Response has developed a removal tool to clean infections of
W32.Blaster.Worm. Also Known As:
W32/Lovsan.worm [McAfee] Type: Worm Infection Length: 6,176 bytes Systems Affected: Windows
2000, Windows XP Systems Not Affected:
Linux, Macintosh, OS/2, UNIX CVE References:
CAN-2003-0352 Weitere Details finden Sie unter: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html. (ma) Symantec (Deutschland) Lise-Meitner-Strasse
9, 85737 Ismaning Tel.
(069) 66410300, Fax (089) 9458-3040 E-Mail: corinna_pradel@symantec.com
Web: www.symantec.de |
