Microsoft Security Update

The Microsoft Product Support Services Security Team is issuing this alert to inform customers about a new worm named W32.Blaster.Worm which is spreading in the wild. This virus is also known as: W32/Lovsan.worm (McAfee), WORM_MSBLAST.A (Trend Micro), Win32.Posa.Worm (Computer Associates). Best practices, such as applying security patch MS03-026, should prevent infection from this worm.

This worm scans a random IP range to look for vulnerable systems on TCP port 135. The worm attempts to exploit the DCOM RPC vulnerability patched by MS03-026. Once the exploit code is sent to a system, it downloads and executes the file MSBLAST.EXE from a remote system via TFTP. Once run, the worm creates the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill

Symptoms of the virus:

Some customers may not notice any symptoms at all. A typical symptom is the system rebooting every few minutes without user input. Customers may also see:

- Presence of unusual TFTP* files
- Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory

To detect this virus, search for msblast.exe in the WINDOWS SYSTEM32 directory, or download the latest anti-virus software signature from your anti-virus vendor and scan your machine.
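The host checks described in this alert can be scripted. The following PowerShell is an added example, not part of the original Microsoft alert; the function name `Test-BlasterIndicators` is hypothetical, and it assumes that "WINDOWS SYSTEM32" means `%SystemRoot%\System32` and that the unusual TFTP* files are found there.

```powershell
# Added example: checks the three host indicators named in the alert.
function Test-BlasterIndicators {
    [CmdletBinding()]
    param(
        # Assumption: the directory the alert calls "WINDOWS SYSTEM32".
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32'),
        [string]$RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    $findings = @()

    # 1. Run-key value "windows auto update", or any value launching msblast.exe.
    #    The data is reported verbatim because it may carry trailing text.
    $key = Get-Item -Path $RunKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($name -eq 'windows auto update' -or $data -match 'msblast\.exe') {
                $findings += [pscustomobject]@{ Indicator = 'RunKey'; Detail = "$name = $data" }
            }
        }
    }

    # 2. The worm binary itself; record a hash for the incident notes.
    $exe = Join-Path $SystemDir 'msblast.exe'
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Indicator = 'File'; Detail = "$exe SHA256=$hash" }
    }

    # 3. Unusual TFTP* files. tftp.exe is the stock Windows TFTP client, so it
    #    is excluded here (assumption about what counts as "unusual").
    Get-ChildItem -LiteralPath $SystemDir -Filter 'TFTP*' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'tftp.exe' } |
        ForEach-Object {
            $findings += [pscustomobject]@{ Indicator = 'TftpFile'; Detail = $_.FullName }
        }

    return $findings
}

$hits = Test-BlasterIndicators
if ($hits) { $hits | Format-Table -AutoSize -Wrap }
else       { 'None of the indicators listed in the alert were found.' }
```

A clean result only means these specific indicators are absent; the alert's advice to apply MS03-026 and scan with current anti-virus signatures still applies.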
Operating System: Windows XP, Windows 2003, Windows 2000, Windows, Windows 98

System Requirements: Windows XP, Windows 2000, Windows Server 2003, Windows NT 4.0, NT 4.0 Terminal Services Edition

