Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

WORM_MSBLAST.H

Feb 3, 2004 5:04AM PST

Virus type: Worm

Destructive: Yes

Description:


This memory-resident worm exploits RPC DCOM BUFFER OVERFLOW, a vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface, to infect remote machines. The vulnerability allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.

On the following system dates, it launches a thread that performs a distributed denial of service (DDoS) attack against windowsupdate.com:

On the 16th to the 31st day of the following months:
January
February
March
April
May
June
July
August
Any day in the month of September to December
For more information on the RPC DCOM Buffer Overflow, please visit the following Microsoft pages:


Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-039

More: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.H

Discussion is locked