|
Description:
This variant of WORM_MSBLAST.A exploits the RPC DCOM BUFFER OVERFLOW, a vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.
It contains all the functionalities of the A variant except for the following unique characteristics:
- Its dropped file name is ENBIEI.EXE.
- It creates a different registry entry.
- It performs a DDoS (distributed denial of service) attack against a different site, namely "tuiasi.ro".
- It creates a mutex named "muuie."
- It usually arrives Aspack-compressed.
Note that The RPC DCOM Buffer Overflow vulnerability affects unpatched systems running Windows NT, 2000, XP, and Server 2003. This worm, however, can only propagate into systems running Windows 2000 and XP.
Important: Users of affected systems are strongly advised to apply the necessary patches, which may be downloaded from the following Microsoft page:
Users are also advised to visit the following page for more information from Microsoft:
For general overview of the MSBLAST family of worms, please refer to the Virus Encyclopedia entry for WORM_MSBLAST.GEN.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 1, 2003 9:31:06 AM GMT -0800
Description updated: Sep. 1, 2003 10:52:00 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
