Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 


Symantec Security Response - New Worm - Level 3

UPDATE: 13th August 2003:
RE: Microsoft New Zealand

Note to Editor:

If you are covering this security issue, Microsoft would appreciate that you use the following URLs and Phone numbers rather than any previously issued.
Phone: 0800 800 004.
Website: http://www.microsoft.com/security

Thank you for your assistance.

Megan Rosier
AUGUST.ONE COMMUNICATIONS

Symantec Security Response - New Worm - Level 3 (Moderate)

Symantec Security Response has identified a new Level 3 worm in the wild -- W32.Blaster.Worm -- that is exploiting the Microsoft DCOM RPC Interface Buffer Overrun vulnerability. Due to the high number of users impacted by this vulnerability, Symantec has raised the ThreatCon to a Level 3. Systems affected include Microsoft IIS, Windows 2000, Windows XP and Windows NT.

W32.Blaster.Worm uses the DCOM MSRPC vulnerability to compromise a remote system. It attempts to connect to TCP port 4444 after the attack and then uses tftp to retrieve and install a copy of itself onto the infected system.

When the W32.Blaster.Worm is executed, it will do the following:

1. Adds the value: "windows auto update"="msblast.exe" to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the worm runs when you start Windows.

2. Send data on TCP port 135 that may exploit the DCOM RPC vulnerability to allow the following actions to occur on vulnerable machines: the worm will be downloaded and will run using the program tftp.

Through analysis of the worm, Symantec has determined that it contains code to launch a Denial-of-Service attack against windowsupdate.com during a specific time period. The worm will launch a Denial-of-Service attack after August 15th through the end of the year, every year.

Through Symantec's DeepSight Threat Management System, Symantec has identified that over 57,000 systems have been infected and are currently launching probes against Port 135.

This number has grown exponentially in the last 24 hours as the average was 1000 - 2000 as of August 10th. Symantec's Managed Security Services reports that W32.Blaster.Worm is propagating at a rate of roughly 20% that of the Slammer worm, in terms of instances of infection (unique IP addresses) per hour passing through our client's security devices.

Microsoft issued a patch for this vulnerability on July 16th. Symantec Security Response strongly encourages users to patch systems. The patch is available at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS03-026.asp

More information on this worm and how to delete and scan for infected files can be found on the Symantec Security Response website http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html


© Scoop Media

 
 
 
 
 
Business Headlines | Sci-Tech Headlines

 

Nurofen Promotion: Reckitt Benckiser To Plead Guilty To Misleading Ads

Reckitt Benckiser (New Zealand) intends to plead guilty to charges of misleading consumers over the way it promoted a range of Nurofen products, the Commerce Commission says. More>>

ALSO:

Half A Billion Accounts: Yahoo Confirms Huge Data Breach

The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. More>>

Rural Branches: Westpac To Close 19 Branches, ANZ Looks At 7

Westpac confirms it will close nineteen branches across the country; ANZ closes its Ngaruawahia branch and is consulting on plans to close six more branches; The bank workers union says many of its members are nervous about their futures and asking ... More>>

Interest Rates: RBNZ's Wheeler Keeps OCR At 2%

Reserve Bank governor Graeme Wheeler kept the official cash rate at 2 percent and said more easing will be needed to get inflation back within the target band. More>>

ALSO:

Half Full: Fonterra Raises Forecast Payout As Global Supply Shrinks

Fonterra Cooperative Group, the dairy processor which will announce annual earnings tomorrow, hiked its forecast payout to farmers by 50 cents per kilogram of milk solids as global supply continues to decline, helping prop up dairy prices. More>>

ALSO:

Results:

Meat Trade: Silver Fern Farms Gets Green Light For Shanghai Maling Deal

The government has given the green light for China's Shanghai Maling Aquarius to acquire half of Silver Fern Farms, New Zealand's biggest meat company, with ministers satisfied it will deliver "substantial and identifiable benefit". More>>

ALSO:

Get More From Scoop

 
 
 
 
 
 
 
 
 
Sci-Tech
Search Scoop  
 
 
Powered by Vodafone
NZ independent news