|
Description:
This variant of WORM_MSBLAST.A similarly exploits the RPC DCOM Buffer Overflow, a known vulnerability that compromises network security by allowing a remote attacker to gain unauthorized access and execute any code on a target machine.
This worm is similar to WORM_MSBLAST.A except for the following:
- It uses the file name TEEKIDS.EXE.
- Its autostart registry entry is "Microsoft Inet Xp".
- It contains a different set of text strings in its body, stating profanity against Microsoft and antivirus providers.
- This variant is compressed under FSG while the A variant is UPX-compressed.
For a general overview of the MSBLAST family of worms, please refer to the Virus Encyclopedia entry for WORM_MSBLAST.GEN.
To know more about the RPC DCOM Buffer Overflow, please read the corresponding Microsoft Bulletin from the following link:
Important: Users of affected systems are strongly advised to apply the necessary patch, which is available on the Microsoft page cited above.
The RPC DCOM vulnerability affects unpatched systems running Windows NT, 2000, XP, and Server 2003. This worm, however, can only propagate into systems running Windows 2000 and XP.
Users are also advised to visit the following page for more information from Microsoft:
For additional information about this threat, see:
Solution
Technical Details
Description created: Aug. 13, 2003 12:21:19 PM GMT -0800
Description updated: Aug. 15, 2003 2:51:06 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
