Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32.Blaster.K.Worm

Feb 4, 2004 2:56AM PST

Discovered on: February 03, 2004
Last Updated on: February 04, 2004 09:46:40 AM

W32.Blaster.K.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm targets only Windows 2000 and Windows XP computers.

While Windows NT and Windows 2003 servers are vulnerable to the exploit if they are not properly patched, the worm is not coded to replicate to those systems. This worm attempts to download the mschost.exe file into the %Windir%\System32 folder, and then execute it.

W32.Blaster.K.Worm does not have a mass-mailing functionality.

For additional information, read the Microsoft article, "What You Should Know About the Blaster Worm and Its Variants."

We recommend that you block access to TCP port 4444 at the firewall level, and then block the following ports, if you do not use the following applications:


TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service (DoS) on the Microsoft Windows Update Web server (windowsupdate.com). This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.

Click here for more information on the vulnerability that this worm exploits and to find out which Symantec products can help mitigate risks from this vulnerability.


--------------------------------------------------------------------------------
Note: Virus Definitions released August 13, 2003 (20030813.009) detect this threat as W32.Blaster.Worm
--------------------------------------------------------------------------------


Also Known As: W32.Blaster.Worm, WORM_MSBLAST.H [Trend], Worm.Win32.Lovesan.a [Kaspersky], W32/Lovsan.worm.gen [McAfee]
Variants: W32.Blaster.Worm
Type: Worm

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.k.worm.html

Discussion is locked