TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_MSBLAST.D
Overview
Solution

Malware type: Worm

Aliases: Worm.Win32.Lovesan, W32/Msblast.D

In the wild: No

Destructive: Yes

Language: English

Platform: Windows 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This is a modified version of WORM_MSBLAST.A.

This worm similarly exploits the RPC DCOM Buffer Overflow, a known vulnerability that compromises network security by allowing a remote attacker to gain unauthorized access and execute any code on a target machine.

It is only different from the earlier variants on the following respects:

  • It uses the file name MSPATCH.EXE.
  • Its autorun registry entry is different.
  • It contains the following text strings within its body:

    "This is a patch to fixedRPC Problem! Your computer has been Protected by me. Your have not need update your Windows XP.."

Important: Users of affected systems are strongly advised to apply the necessary patches, which may be downloaded from the following Microsoft page:

Users are also advised to visit the following page for more information from Microsoft:

TrendMicro proactively detects this malware as WORM_MSBLAST.GEN. It runs on Windows NT, 2000 and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 18, 2003 4:44:25 PM GMT -0800
Description updated: Aug. 18, 2003 5:02:01 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.