Tuesday, August 12, 2003


You know you've got it when a 60 second shutdown timer pops up on your screen. The virus uses the RPC vulnerability. It looks like it's reaching critical mass today.

Here how to prevent it and remove it:


You dont have to open an email or go to a webpage to get this worm. Here's an excerpt from the article on how it spreads:

"MSBlast does not spread via e-mail. Instead, it scans the Internet on port 135 looking for vulnerable computers. When it finds one, it attempts to exploit the DCOM RPC buffer overflow, create a remote root shell on TCP port 4444, then use FTP to download a file called msblast.exe onto the infected computer.

MSBlast contains a denial-of-service (DoS) attack aimed at Microsoft's windowsupdate.com. The attack will start on August 15 and continues throughout the end of the year. MSBlast updates the system Registry with the following line so that it will run each time the computer is rebooted.

Hkey_local_machine\software\Microsoft\Windows\CurrentVersion\ Run "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! Bill "

If you had already applied a MS patch issued on July 17, 2003 (MS03-026), you are safe.

[Sorry, for the lack of updates for a while!]

No comments:

Post a Comment