|
|
Rubrik: Virenwarnung/Aktuelle Meldungen Trend Mirco: "Yellow-Alert" ausgelöst: WORM_MSBLAST.A Dringend empfohlen, den Microsoft-Patch für RPC DCOM Buffer Overflow (12.08.03) - Die TrendLabs von Trend Micro warnen vor einem neuen Computerwurm namens WORM_MSBLAST.A, der den so genannten RPC DCOM Buffer Overflow ausnutzt. Diese Schwachstelle erlaubt einem Angreifer den Vollzugriff auf das infizierte System, d.h. jeder (bösartige) Code kann per Fernzugriff auf dem anvisierten Rechner ausgeführt werden. Zunächst verbreitete sich der Wurm in den USA und Lateinamerika, inzwischen wurden aber auch europäische und deutsche Unternehmen befallen. WORM_MSBLAS.A infiziert Windows NT, 2000 und XP Systeme. Trend Micro erkennt den Computerwurm ab Pattern-File 604, das auf www.trendmicro.de zum Download bereit steht.
Anzeige
Trend Micro empfiehlt dringend den Download des Microsoft Patches unter folgendem Link: www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp. Weitere Informationen zum
Virus lesen Sie bitte in der englischen Originalpresseinformation von Trend
Micro: Trend Micro Warns of WORM _MSBLAST.A (Aliases: W32/Lovsan.worm, Lovsan, W32.Blaster.Worm) Overall risk rating:
Medium Damage Potential: High Distribution Potential: High Trend Micro Pattern file required: 604 TrendLabs
has received several infection reports of this new worm, mostly in the US and
Latin America, which exploits the RPC DCOM BUFFER OVERFLOW, a vulnerability
in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call
(RPC) interface which allows an attacker to gain full access and execute any
code on a target machine, leaving it compromised. This worm has been observed
to continuously scan and send data to vulnerable systems in the network using
port 135. On the following system dates, it performs a Distributed Denial Of
Service attack against www.windowsupdate.com:
* On the 16th to the 31st day of the following months:
·
January
·
February
·
March
·
April
·
May
·
June
·
July
·
August
*
Any day in the months of September to December. The following text Strings visible in the worm body: I just
want to say LOVE YOU SAN!! billy
gates why do you make this possible ? Stop making money and fix your
software!! For more information on the RPC DCOM Buffer Overflow, please visit the
following Microsoft page: Microsoft
Security Bulletin MS03-026: www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
Applying Patches TrendLabs
advises all affected users to apply the patch issued by Microsoft available
from the following link: Microsoft
Security Bulletin MS03-026 http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
TrendLabs
also asks users to filter access to port 135 for trusted and internal sites
only. Additional Windows ME/XP Cleaning Instructions www.trendmicro.com/en/security/advisories/win_me_clean.htm
Running Trend Micro Antivirus Scan your
system with Trend Micro antivirus and delete all files detected as
WORM_MSBLAST.A. To do this, Trend Micro customers must download the latest
pattern file, available from http://www.trendmicro-europe.com
and scan their system. Other Internet users can use HouseCall, Trend Micro's
free online virus scanner http://housecall.antivirus.com,
at http://housecall.trendmicro.com. (ma) Trend Micro Tel. (089)
37479-700, Fax (089) 37479-799 E-Mail: sales@trendmicro.de Web: www.trendmicro.de |
