Results 1 to 1 of 1
Thread: New DCOM Exploit: WORM_MSBLAST.A
2003-08-12, 00:32 #1
- Join Date
- Feb 2001
- Silicon Valley, USA
- Thanked 93 Times in 89 Posts
New DCOM Exploit: WORM_MSBLAST.A
This is related to the recent thread dcomx.exe error on the Windows XP board; just another exploit for this Windows flaw, but using it to attack windowsupdate.com may be novel.<hr>-----Original Message-----What isn't clear from this initial information is how the worm is spreading...
From: Trend Micro Newsletters Editor [mailto:firstname.lastname@example.org]
Sent: Monday, August 11, 2003 5:17 PM
To: <img src=/w3timages/censored.gif alt=censored border=0>
Subject: Trend Micro Medium Risk Virus Alert - WORM_MSBLAST.A
Dear Trend Micro customer,
TrendLabs has received several infection reports of this new worm named WORM_MSBLAST.A which exploits the RPC DCOM BUFFER OVERFLOW, a vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.
This worm has been observed to continuously scan and send data to vulnerable systems in the network using port 135. When the system date is August 15, it performs a Distributed Denial Of Service attack against windowsupdate.com.
As of 1:54 PM, US Pacific Time, Trend has declared a yellow alert to control the spread of this malware.
TrendLabs HQ will be releasing the following EPS deliverables within the next few minutes:
- Official Pattern Release 604
- TMCM Outbreak Prevention Policy 43
- Damage Cleanup Template 143
Please inform us if there are any infection reports in your region.
For more information on WORM_MSBLAST.A, please visit our Web site at: