
W32.Bolgi.Worm

Nov 20, 2003 10:58PM PST

Discovered on: November 20, 2003
Last Updated on: November 21, 2003 09:32:51 AM

W32.Bolgi.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 445. The worm targets only Windows 2000 and Windows XP machines. While Windows NT and Windows 2003 Server machines are vulnerable to the aforementioned exploit (if not properly patched), the worm is not coded to replicate to those systems. This worm attempts to download the file to the %WinDir%\system32 directory and then execute it. W32.Bolgi.Worm does not have a mass-mailing functionality.

We recommend that you block access to TCP port 5732 at the firewall level, and then block the following ports (assuming you do not use the listed applications):

TCP Port 445, "SMB"
UDP Port 69, "TFTP"
Type: Worm

http://www.symantec.com/avcenter/venc/data/w32.bolgi.worm.html
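
Added example, not part of the original post or the Symantec write-up: a log check that flags internal hosts generating traffic to the three ports the advisory names. The iptables-style log format, the sample lines, and the fan-out threshold on TCP 445 are constructed assumptions.

```python
import re
from collections import defaultdict

# Ports named in the advisory; labels as given there (5732 has no label on the page).
WATCHED = {("TCP", 445): "SMB", ("UDP", 69): "TFTP", ("TCP", 5732): "no label given"}
FANOUT_THRESHOLD = 3  # assumption: distinct TCP 445 peers before a host is flagged

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)

# Constructed sample lines in iptables LOG style; addresses are private/documentation ranges.
SAMPLE_LOG = """\
Nov 21 09:14:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 LEN=48 PROTO=TCP SPT=1034 DPT=445
Nov 21 09:14:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.8 LEN=48 PROTO=TCP SPT=1035 DPT=445
Nov 21 09:14:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.9 LEN=48 PROTO=TCP SPT=1036 DPT=445
Nov 21 09:14:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.9 LEN=48 PROTO=TCP SPT=1040 DPT=5732
Nov 21 09:14:06 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.9 LEN=45 PROTO=UDP SPT=1041 DPT=69
Nov 21 09:15:10 fw kernel: IN=eth1 OUT=eth2 SRC=10.0.0.40 DST=10.0.1.5 LEN=48 PROTO=TCP SPT=2210 DPT=445
Nov 21 09:15:30 fw kernel: IN=eth1 OUT=eth2 SRC=10.0.0.40 DST=10.0.1.5 LEN=48 PROTO=TCP SPT=2211 DPT=445
Nov 21 09:16:00 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.51 DST=192.0.2.80 LEN=60 PROTO=TCP SPT=3300 DPT=80
Nov 21 09:16:02 fw kernel: truncated entry SRC=10.0.0.51
"""

def summarize(log_text):
    """Map source IP -> (proto, port) -> set of distinct destinations, watched ports only."""
    peers = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip truncated or unrelated lines
        key = (m["proto"].upper(), int(m["dpt"]))
        if key in WATCHED:
            peers[m["src"]][key].add(m["dst"])
    return peers

def flag_hosts(log_text, threshold=FANOUT_THRESHOLD):
    """Return {source_ip: [reasons]} for hosts that warrant a closer look."""
    findings = {}
    for src, by_port in summarize(log_text).items():
        reasons = []
        smb_peers = by_port.get(("TCP", 445), set())
        if len(smb_peers) >= threshold:
            reasons.append(f"TCP 445 to {len(smb_peers)} distinct hosts")
        for proto, port in (("TCP", 5732), ("UDP", 69)):
            if (proto, port) in by_port:
                reasons.append(f"traffic to {proto} {port}")
        if reasons:
            findings[src] = reasons
    return findings

if __name__ == "__main__":
    for host, reasons in flag_hosts(SAMPLE_LOG).items():
        print(host, "->", "; ".join(reasons))
```

A host that talks to a single file server on TCP 445 stays below the threshold, so normal SMB use is not flagged unless the threshold is lowered.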
