Description: This variant of WORM_MSBLAST.A is already detected as WORM_MSBLAST.GEN by the latest pattern file with engines 6.350 and above.
This worm similarly exploits the RPC DCOM Buffer Overflow, a known vulnerability that compromises network security by allowing a remote attacker to gain unauthorized access and execute any code on a target machine.
This variant appears to be an original WORM_MSBLAST.A that was modified in its binary form and packed with another protector tool.
It is only different from the earlier variants in the following respects:
- It uses the file name MSLAUGH.EXE instead of MSBLAST.EXE.
- It uses the following autostart registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
Windows Automation = "mslaugh.exe"
- It launches a Distributed Denial of Service (DDoS) attack on kimble.org.
- It has different internal text strings found within its body:
"I dedicate this particular strain to me ANG3L -
hope yer enjoying yerself and dont forget the
promise for me B/DAY !!!!."
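Added example (not part of the original description): a Python check that scans saved `reg query` output for a Run value launching the worm file named above. The function names and the sample output are constructed for illustration; also matching MSBLAST.EXE, the earlier file name mentioned above, is an assumption about what a responder would want to flag.

```python
import ntpath
import re

# File names from this description: this variant's and the earlier MSBLAST.EXE.
WORM_FILES = {"mslaugh.exe", "msblast.exe"}
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# Value line of `reg query`: indented name, REG_* type, data (tabs or spaces).
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")


def image_name(data):
    """Lower-cased executable file name from a Run value's command line."""
    data = data.strip()
    if data.startswith('"'):
        target = data[1:].split('"', 1)[0]      # quoted path, arguments follow
    else:
        target = data.split(None, 1)[0] if data else ""
    return ntpath.basename(target).lower()


def find_worm_autostart(reg_output):
    """Return (key, value name, data) for Run values launching a worm file."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()                  # start of a new key section
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_SUFFIX):
            continue                            # only the Run key listed above
        name, _type, data = m.groups()
        if image_name(data) in WORM_FILES:      # exact file name, not substring
            hits.append((key, name, data.strip()))
    return hits


# Constructed sample output (not captured from a real host).
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Automation    REG_SZ    mslaugh.exe
    Backup Agent    REG_SZ    "C:\Program Files\Backup\agent.exe" /quiet
    Notes    REG_SZ    C:\tools\not-mslaugh.exe.bak
'''

if __name__ == "__main__":
    for key, name, data in find_worm_autostart(SAMPLE):
        print(f"{key}: {name} = {data}")
```

The value name contains a space, so the parser splits on the REG_* type token rather than on whitespace alone.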
Important: Users of affected systems are strongly advised to apply the necessary patches, which may be downloaded from the following Microsoft page:
Users are also advised to visit the following page for more information from Microsoft:
For a general overview of the MSBLAST family of worms, please refer to the Virus Encyclopedia entry for WORM_MSBLAST.GEN.
For additional information about this threat, see: Solution Technical Details
Description created: Aug. 29, 2003 2:28:36 AM GMT -0800
Description updated: Aug. 29, 2003 2:28:35 AM GMT -0800