Symantec Security Response W32.Blaster.Worm update
Symantec Security Response reports that the W32.Blaster.Worm denial-of-service attack that triggered on August 16 had no noticeable impact on systems, since the target URL (windowsupdate.com) had been removed earlier by Microsoft, leaving the attack nowhere to go. The real site at windowsupdate.microsoft.com was operating correctly, so users could still download new program or security updates.
The latest data from the Symantec DeepSight Threat Management System records more than 572,458 Internet-facing infections (unique IP addresses) since the worm first started to propagate on August 11. The worm is now spreading at about 15 percent of its peak rate. However, it will not disappear until more systems deploy the security patch and/or deploy firewall rules to block the relevant ports, in addition to having updated virus definitions.
Symantec Security Response expects to see this worm or variants of it continuing to spread in the wild for many months, but at much reduced rates.
Security Response has also seen a new worm, W32.Welchia.Worm. Initial analysis has determined that the worm looks for the existence of Msblast.exe, dropped by the W32.Blaster.Worm, and deletes it if present. The worm also attempts to download the DCOM RPC vulnerability patch from Microsoft's update site. If the update has been successful, the worm will reboot the computer so the update takes