Old 08-13-2003, 07:59 PM   #13
golgo13
A Treant
 
Join Date: Oct 2002
Server: veeshan
Posts: 21

MS-BLAST WORM, First documented exploit of the July 16, 2003 Microsoft Windows RPC vulnerability

Risk: High. All unprotected Internet-connected PCs with vulnerable versions of the Windows operating system could be affected.

Vulnerability: The MS-Blast worm exploits a vulnerability of the RPC (Remote Procedure Call) process built into Windows. The RPC process facilitates sharing resources like files and printers over a network. The MS-Blast worm scans the local network for PCs that have UDP port 135 open. If the worm finds such a target, it exploits the RPC vulnerability and infects the PC with a copy of itself. Once on a PC, the worm attempts to spread further and interfere with normal OS operation. The worm also attempts to use infected computers in a distributed denial-of-service attack against Microsoft's Windows Update site.

Harm: Loss of user productivity, IT/Helpdesk calls and intervention required, and potential business continuity issues. Infected machines may experience performance problems and users may not be able to use their Internet connections. Network bandwidth usage could affect Quality of Service (QOS) and disrupt operation of critical business and network services.

That's the exact email I got from Zone Labs about this worm.

TrendLabs has received several infection reports of this new worm, which exploits the RPC DCOM BUFFER OVERFLOW. This vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.
This worm has been observed to continuously scan random IP addresses and send data to vulnerable systems on the network using port 135. On the following system dates, it performs a Distributed Denial Of Service attack against windowsupdate.com:
On the 16th to the 31st day of the following months: January, February, March, April, May, June, July, August.
Any day in the months of September to December.

This worm runs on and is able to propagate into Windows NT, 2000, and XP systems.

This is what I've learned at the Trend website too.

Both state that this worm could cause you not to be able to run Windows Update. Hence you will not be able to get this fixed.
__________________
Elekros Delekros
56 Necromancer
Veeshan
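
An added example, not part of the original post or of either vendor's advisory: a sketch of how a defender could spot the port-135 scanning described above in firewall logs, and check a system date against the quoted DDoS schedule. The log format, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta

# Constructed sample log (assumed format: time proto src dst dport).
SAMPLE_LOG = "\n".join(
    [f"2003-08-13T19:40:{i:02d} TCP 10.0.0.23 10.0.{i}.{i * 7 % 250 + 1} 135"
     for i in range(8)]
    + ["2003-08-13T19:40:05 TCP 10.0.0.40 10.0.0.5 135",
       "2003-08-13T19:41:30 UDP 10.0.0.40 10.0.0.6 135",
       "2003-08-13T19:40:09 TCP 10.0.0.23 192.0.2.10 80"]
)

def parse(line):
    """Split one log line into (timestamp, proto, src, dst, dport)."""
    ts, proto, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), proto, src, dst, int(dport)

def port135_scanners(log_text, min_targets=5, window=timedelta(seconds=60)):
    """Return {src: peak count of distinct port-135 destinations in any window}
    for sources whose peak reaches min_targets. Either protocol is counted."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _proto, src, dst, dport = parse(line)
        if dport == 135:
            hits[src].append((ts, dst))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

def in_ddos_window(d):
    """Schedule quoted in the post: 16th-31st of January-August,
    any day in September-December."""
    return d.month >= 9 or d.day >= 16

if __name__ == "__main__":
    print("possible scanners:", port135_scanners(SAMPLE_LOG))
    print("DDoS window on 2003-08-16:", in_ddos_window(date(2003, 8, 16)))
```

A host that contacts many distinct addresses on port 135 in a short window is a candidate for isolation and patching; tune `min_targets` and `window` to the network's normal RPC traffic.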