Description:
Similar to earlier MSBLAST variants, this worm also exploits the RPC DCOM Buffer Overflow, a known vulnerability that compromises network security by allowing a remote attacker to gain unauthorized access and execute any code on a target machine.
This variant is actually a modified version of WORM_MSBLAST.A, with its binary form altered and packed with another protector tool.
Its unique characteristics are as follows:
- It uses the file name ENILORA.EXE instead of MSBLAST.EXE.
- It uses the following autostart registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
windows auto update = "enilora.exe"
- Its body contains the following text strings:
This is just another LovSan! TEST
This is a very nice test to do, just changing a virus a little bit to test my AV soft
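The autostart entry and file name listed above can be checked offline against a registry export taken from a suspect machine. The following Python sketch is an added example, not part of the original description: it parses `.reg` export text and flags values under the Run key that match either indicator, comparing case-insensitively as Windows does. The function names, the sample export and the paths in it are constructed for illustration, and the export is assumed to be already decoded to text (regedit writes UTF-16).

```python
import ntpath
import re

# Indicators from the description above; Windows compares them case-insensitively.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_NAME = "windows auto update"
FILE_NAME = "enilora.exe"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg exports escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def image_name(data):
    # Lower-cased file name of the program a Run value launches
    data = data.strip()
    exe = data[1:].split('"', 1)[0] if data.startswith('"') else data.split(" ", 1)[0]
    return ntpath.basename(exe).lower()

def find_autostart(reg_text):
    """Return (name, data, reasons) for matching values under the Run key."""
    hits, in_run_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Only the exact Run key named in the description is in scope
            in_run_key = line[1:-1].lower() == RUN_KEY.lower()
            continue
        m = VALUE_RE.match(line) if in_run_key else None
        if not m:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        reasons = [why for why, ok in (("value name", name.lower() == VALUE_NAME),
                                       ("file name", image_name(data) == FILE_NAME)) if ok]
        if reasons:
            hits.append((name, data, reasons))
    return hits

# Constructed sample export; every path and unrelated value here is made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Tools\\tray.exe"
"windows auto update"="enilora.exe"
"Updater"="\"C:\\Temp\\ENILORA.EXE\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"windows auto update"="enilora.exe"
'''
print(find_autostart(SAMPLE))
```

A file-name match under a different value name is reported separately from a value-name match, so a renamed entry still surfaces.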
Important: Users of affected systems are strongly advised to apply the necessary patches, which may be downloaded from the following Microsoft page:
Users are also advised to visit the following page for more information from Microsoft:
Trend Micro proactively detects this malware as WORM_MSBLAST.GEN. It runs on Windows NT, 2000 and XP.
Description created: Sep. 19, 2003 4:59:56 PM GMT -0800
Description updated: Sep. 19, 2003 5:25:51 PM GMT -0800