Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

Symantec: W32.Blaster.Worm - Upgraded To Level 4

UPDATE: 13th August 2003:
RE: Microsoft New Zealand

Note to Editor:

If you are covering this security issue, Microsoft would appreciate that you use the following URLs and Phone numbers rather than any previously issued.
Phone: 0800 800 004.
Website: http://www.microsoft.com/security

Thank you for your assistance.

Megan Rosier
AUGUST.ONE COMMUNICATIONS

*******

Symantec: W32.Blaster.Worm - Upgraded To Level 4

Further to yesterday's announcement, Symantec Security Response has upgraded W32.Blaster.Worm from a Level 3 (moderate) to a Level 4 (high) threat, in response to an increased number of submissions from customers and information from Symantec's Deepsight Threat Management System.

W32.Blaster.Worm exploits the Microsoft DCOM RPC Interface Buffer Overrun vulnerability. Due to the high number of users impacted by this vulnerability, Symantec has raised the ThreatCon to a Level 4. Systems affected include Microsoft IIS, Windows 2000, Windows XP and Windows NT.

W32.Blaster.Worm uses the DCOM MSRPC vulnerability to compromise a remote system. It attempts to connect to TCP port 4444 after the attack and then uses tftp to retrieve and install a copy of itself onto the infected system.

When the W32.Blaster.Worm is executed, it will do the following:

1. Adds the value: "windows auto update"="msblast.exe" to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that the worm runs when you start Windows.

2. Send data on TCP port 135 that may exploit the DCOM RPC vulnerability to allow the following actions to occur on vulnerable machine: the worm will be downloaded and will run using the program tftp.

Through analysis of the worm, Symantec has determined that it contains code to launch a Denial-of-Service attack against windowsupdate.com during a specific time period. The worm will launch a Denial-of-Service attack after August 15th through the end of the year, every year.

Microsoft issued a patch for this vulnerability on July 16th. Symantec Security Response strongly encourages users to patch systems. The patch is available at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

More information on this worm and how to delete and scan for infected files can be found on the Symantec Security Response website - http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

ENDS

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

Tornado Aftermath: More Storms Forecast For New Plymouth

Up to 30 homes were damaged Monday night when a tornado roared through a New Plymouth suburb last night , cutting power lines, tearing off roofs, and toppling trees. More>>

ALSO:

Government Investment Rejig: Sustainable Food & Fibre Futures Launched

Growing New Zealand’s food and fibre sectors sustainably and supporting a thriving economy are the hallmarks of a new investment programme announced today by Agriculture Minister Damien O’Connor. More>>

Dump Levy Options: Waste Work Programme Announced

Associate Environment Minister Eugenie Sage has announced a programme of work to take action on New Zealand’s long-neglected waste problems. More>>

ALSO:

Real Estate: Foreign Buyers Ban Passes Third Reading

The Bill to put in place the Government’s policy of banning overseas buyers of existing homes has passed its third and final reading in the House. More>>

ALSO:

Nine Merger: Fairfax Slashes Value Of NZ Business

Fairfax Media Group more than halved the value of its Kiwi assets, attaching just A$40 million to mastheads that were once the core of a billion dollar investment. More>>

Collecting Scalpers: Commerce Commission To Sue Viagogo

The Commission will claim that Viagogo made false or misleading representations: • that it was an “official” seller, when it was not • that tickets were limited or about to sell out • that consumers were “guaranteed” to receive valid tickets for their event • about the price of tickets... More>>

ALSO: