MSBlast is programed to start DoS attack on Windows Update site that starts the 15th
MSBlast (Lovsan) worm exploits Windows RPC flaw
By Robert Vamosi
Worm scans Internet to find vulnerable Windows 2000, NT, and XP systems
(8/11/03)
MSBlast (alias Lovsan, Blaster, and Posa) is an Internet worm that takes advantage of the Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface buffer overflow flaw. Although Microsoft issued a patch on July 17, 2003, many people have yet to patch their systems. Ironically, the worm threatens to shut down the windowsupdate.com site, the source of Microsoft security patches. Because MSBlast is spreading quickly via the Internet and could shut down infected machines, this worm rates a 7 on the CNET Virus Meter.
How it works
MSBlast does not spread via e-mail. Instead, it scans the Internet on port 135 looking for vulnerable computers. When it finds one, it attempts to exploit the DCOM RPC buffer overflow, create a remote root shell on TCP port 4444, then use FTP to download a file called msblast.exe onto the infected computer.
MSBlast contains a denial-of-service (DoS) attack aimed at Microsoft's windowsupdate.com. The attack will start on August 15 and continues throughout the end of the year. MSBlast updates the system Registry with the following line so that it will run each time the computer is rebooted. ........
http://reviews.cnet.com/4520-6600_7-5062389.html?tag=cnetfd.sd
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
