W32.blaster.b.worm

[Scarthy © ® ™]

Hi all ;),

Seems like a new version of the Blaster worm has been discovered...

W32.Blaster.B.Worm

W32.Blaster.B.Worm is a variant of W32.Blaster.Worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026), using TCP port 135. The worm targets only Windows 2000 and Windows XP machines. While Windows NT and Windows 2003 Server machines are vulnerable to the aforementioned exploit (if not properly patched), the worm is not coded to replicate to those systems. This worm attempts to download the penis32.exe file to the %WinDir%\System32 folder, and then execute it. This worm does not have any mass-mailing functionality.

View - W32.Blaster.B.Worm

By the looks of things the removal tool for the Blaster Worm also works on this one...

Users of the following OS's should apply the patch from HERE as soon as possible !

Microsoft Windows NT® 4.0

Microsoft Windows NT 4.0 Terminal Services Edition

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server™ 2003

;)

Please feel free to update these threads if you find any information. Spread the word...

[Guest Nellie2]

W32.blaster.c.worm

[mark2]

The advice given regarding installing the MS patch will currently keep you safe from these nasties as will blocking the ports with your firewall. <_>

One other thing that could give you warning of the presence of this type of nasty is the statbar recommended by ellas and also Sysmetrix showing the TCP in and out traffic

see http://www.windowsforum.org/support/forum/...?showtopic=3543

[mark2]

More info on blaster worms.

Cert Advisory

Internet security systems