Factbites
 Where results make sense

Topic: Blaster worm


  Panda Software - Virus information
Blaster is a worm that infects only Windows 2003/XP/2000/NT computers.
Blaster exploits the Buffer Overrun in RPC Interface vulnerability to spread to as many computers as possible.
Blaster spreads by attacking IP addresses generated at random and exploits the vulnerability mentioned above to download a copy of itself to the compromised computer.
www.pandasoftware.com /virus_info/encyclopedia/overview.aspx?idvirus=40369   (209 words)

  
 PCWorld.com - Blaster Worm Continues to Spread   (Site not responding. Last check: 2007-10-08)
Blaster takes advantage of a known vulnerability in a Windows component called the DCOM (Distributed Component Object Model) interface, which handles messages sent using the RPC (Remote Procedure Call) protocol.
Ullrich put the number of machines infected by Blaster at 30,000 worldwide, fewer than the number infected by the Code Red and NIMDA worms of 2001, but more than were infected by the recent Slammer worm.
Unlike the Code Red worm, which contained code for a similar attack against the IP address of the White House's main Web server, Blaster targets the windowsupdate.microsoft.com domain, preventing Microsoft from simply changing the address of the domain to sidestep the attack, he said.
www.pcworld.com /news/article/0,aid,111973,00.asp   (862 words)

  
 worm blog: Blaster
Automatic worm signature generation in the face of a worm outbreak is a research goal of several groups.
However, Blaster's efficiency was somewhat diminished in that it used a TFTP file transfer to move the worm executable around rather than direct injection.
The author of the Blaster.B variant (the "teekids" variant of the Blaster worm, from August, 2003) is due to be sentenced soon.
www.wormblog.com /blaster   (5153 words)

  
 W32/Nachi.worm
Once running, the worm terminates and deletes the W32/Lovsan.worm.a process and applies the Microsoft patch to prevent other threats from infecting the system through the same hole.
To check whether the target machine is on the network, the worm sends an ICMP ping to potential victim machines, and upon a reply, sends the exploit data.
The first is to detect the Vulnerability that the worm uses to exploit the machine.
vil.nai.com /vil/content/v_100559.htm   (1378 words)

  
 Blaster worm "B" Strain - TechSpot OpenBoards
The worm will then increment the 0 part of the IP address by 1, attempting to find and exploit other computers based on the new IP address, until it reaches 254.
However, if the worm is manually placed and executed on a computer that is running these operating systems, it can run and spread.
When the worm receives a request from a computer to which it was able to connect using the DCOM RPC exploit, it will send msblast.exe to that computer and tell it to execute the worm.
www.techspot.com /vb/topic6930.html   (644 words)

  
 BBC NEWS | Technology | Worm blasts across the web   (Site not responding. Last check: 2007-10-08)
The vulnerability exploited by the worm has been known about for almost a month and net security organisations have been warning that it would soon be exploited.
The worm is likely to find a lot of hosts on the net as it exploits a vulnerability found in many different versions of Microsoft Windows.
Security firms said that the worm is unlikely to spread as far as the recent Slammer worm but said it could rival 2001's Code Red worm which managed to infect 200,000 machines.
news.bbc.co.uk /1/hi/technology/3143625.stm   (520 words)

  
 Blaster rewrites Windows worm rules | The Register
Blaster shatters the partially reassuring notion that email-borne nasties are the most significant threat for Harry Homeowner.
An analysis of Blaster by the Internet Storm Centre, which is generally credited as being the first to spot the problem, can be found here.
Vincent Weafer, Senior Director at Symantec Security Response Centre, said that Blaster was having nowhere near as severe an effect as the infamous Slammer worm, which took out much of Korea's ADSL network and made a limited number of bank ATMs temporarily unavailable earlier this year.
www.theregister.co.uk /2003/08/14/blaster_rewrites_windows_worm_rules   (1305 words)

  
 Symantec Security Response - W32.Blaster.C.Worm   (Site not responding. Last check: 2007-10-08)
When the worm receives a request from a computer to which it was able to connect using the DCOM RPC exploit, it will send teekids.exe to that computer and tell it to execute the worm.
The worm runs on a Windows 2000 computer that was infected during the payload period and has not been restarted since it was infected.
The worm runs on a Windows 2000 computer that has been restarted since it was infected, during the payload period, and the currently logged in user is Administrator.
www.symantec.com /avcenter/venc/data/w32.blaster.c.worm.html   (2008 words)

  
 CNN.com - Worm that targets 'Blaster' hinders Air Canada operations - Aug. 19, 2003
The virus, of the self-spreading kind known as a "worm," affected the airline's call center in Toronto and check-in systems across the country, she said.
Called the "Welchia" worm by antivirus companies, it targets computers infected with the "Blaster" worm, which debuted last week.
The Blaster worm also affected some computers of Ontario's emergency response system dealing with the aftermath of last week's huge blackout across a swath of the province and eight U.S. states.
www.cnn.com /2003/TECH/internet/08/19/internet.worm.ap   (324 words)

  
 New Blaster worm variant on the loose | InfoWorld | News | 2003-08-13 | By Paul Roberts, IDG News Service
Windows XP users infected with Blaster report frequent system reboots and messages about "System Shutdown." Both Windows XP and Windows 2000 users may experience significant system slow downs when using Windows or surfing the Internet if their machine is infected, according to Alfred Huger, director of engineering at Symantec Security Response.
RpcSpybot-A uses the same exploit as the worm, but is an IRC (Internet Relay Chat) trojan that scans the Internet for vulnerable systems, exploits the RPC DCOM security hole, then uses IRC to remotely control the infected systems for use in a denial of service attack, according to Symantec's Huger.
The emergence of new versions of the Blaster worm complicates the job of blocking attacks for customers who haven't patched their vulnerable Windows systems, Belthoff said.
www.infoworld.com /article/03/08/13/HNblaster_1.html   (1299 words)

  
 Blaster rewrites Windows worm rules
The Blaster worm, which continues to create chaos by crashing numerous vulnerable Windows machines across the Net, has changed the rules on malicious code attacks.
The Blaster worm will infect vulnerable Windows PCs, often causing them to repeatedly crash as soon as they are connected to a network.
Blaster is programmed to commandeer infected machines to launch a DDoS attack against windowsupdate.com on 16 August.
www.securityfocus.com /news/6725   (1203 words)

  
 Blaster worm linked to severity of blackout - Computerworld
WASHINGTON -- The W32.Blaster worm may have contributed to the cascading effect of the Aug. 14 blackout, government and industry experts revealed this week.
On the day of the blackout, Blaster degraded the performance of several communications lines linking key data centers used by utility companies to manage the power grid, the sources confirmed.
Coverage of the Blaster worm and its aftermath.
www.computerworld.com /printthis/2003/0,4814,84510,00.html   (760 words)

  
 The Seattle Times: Business & Technology: Blaster Internet worm defendant, 19, pleads guilty
The Minnesota man who created a version of the Blaster Internet worm pleaded guilty yesterday in federal court in Seattle and could be sentenced in November to up to three years behind bars.
As part of his plea agreement, Jeffrey Lee Parson, 19, admitted he downloaded the original Blaster worm last August to his home computer in Hopkins, Minn., and bundled it with a "back-door" software program that allowed him to access infected computers.
Parson's lawyer said that he was young when he created the worm and had no understanding of how serious his actions were, but has obeyed the rules since he was arrested.
seattletimes.nwsource.com /html/businesstechnology/2002002971_parson12.html   (466 words)

  
 Sophos virus analysis: W32/Blaster-A
On finding a vulnerable computer system, the worm causes the remote machine to acquire a copy of the worm using TFTP, which is saved as msblast.exe or penis32.exe in the Windows system folder.
From 16 August 2003, one month after the security patch was posted, the worm is programmed to launch a distributed denial-of-service attack on windowsupdate.com, which may severely impact access to the website Microsoft uses to distribute security patches.
Each machine which begins to run the worm on or after this date (with a new infection or after a reboot) will send 50 SYN packets per second to port 80 on windowsupdate.com.
www.sophos.com /virusinfo/analyses/w32blastera.html   (348 words)

  
 USATODAY.com - Microsoft thwarts Blaster worm attack   (Site not responding. Last check: 2007-10-08)
Blaster is now "a bulldog without teeth," says Lloyd Taylor of Web monitoring firm Keynote Systems.
As of Saturday afternoon, the worm had infected more than 423,000 computers around the world since Monday, according to security firm Symantec.
As Blaster runs its course, security experts are left to ponder what might have happened if the worm had been crafted more meticulously or if its author hadn't given Microsoft five days to figure out how to stop the attack phase.
www.usatoday.com /tech/news/2003-08-15-worm-part2_x.htm   (469 words)

  
 F-Secure Computer Virus Information Pages: Lovsan
F-Secure is upgrading the Lovsan worm (also known as Msblast) to Level 1 as it continues to spread rapidly.
First sample of the Lovsan worm was received at 19:22 GMT on 11th of August, 2003.
The worm tries to connect to port 135 on all the 20 hosts and check if the connection is successful.
www.f-secure.com /v-descs/msblast.shtml   (1351 words)

  
 Wired News: New Worm Mocks 'Billy' Gates
Blaster, which zeroes in on the Windows 2000 and Windows XP operating systems, has been timed to attack a Microsoft security website distributing the patch needed to stop the worm in its tracks before it hits millions of users.
Blaster is fairly unusual in that it does not spread specifically by e-mail.
In January, a worm known as Slammer, which exploited a hole in Microsoft SQL database software, brought automatic teller machines in the United States to a standstill, paralyzed corporate networks worldwide and nearly shut down Web access to South Korea.
www.wired.com /news/technology/0,1282,59987,00.html   (581 words)

  
 How do I protect my computer from the Blaster (W32.Blaster.Worm) worm? - Viruses & Security - HiWAAY Support FAQs
If the worm causes your computer to crash too often to download the Microsoft updates, use one of these workarounds.
Blaster takes advantage of a known vulnerability in Windows RPC that allows a remote user to gain access to the targeted computer.
Blaster is also known as the Lovsan and Poza worm.
www.hiwaay.net /support/faq/index.cgi?view=1&id=289&catid=88   (1500 words)

  
 W32.Blaster.Worm
W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in the Microsoft Security Bulletin MS03-026 linked above) using TCP port 135.
The worm will then count up from 0, attempting to find and exploit other computers, based on the new IP.
When the worm receives a request from a computer it was able to connect to using the DCOM RPC exploit, it will send that computer Msblast.exe and tell it to execute the worm.
www.upenn.edu /computing/virus/03/w32.blaster.worm.html   (872 words)

  
 Cisco Security Notice: W32.BLASTER Worm Mitigation Recommendations
The effects of this worm can be mitigated by blocking the required ports it uses to spread itself, scan for new infections, and propagate the executable code.
The traffic load generated by this worm is high, but appears to have stabilized after the first 24 hours of infection.
The W32.Blaster worm is due to launch TCP SYN attacks against windowsupdate.com, first starting on the 16th of August 2003.
www.cisco.com /warp/public/707/cisco-sn-20030814-blaster.shtml   (3166 words)

  
 Blaster worm spreading rapidly | The Register
Although serious, the effects of the Blaster worm are expected to be less than that caused by the infamous Nimda worm.
According to a preliminary analysis of the worm by F-Secure, the worm spreads in a 6176 byte executable named MSBLAST.EXE to Windows 2000 and Windows XP systems unless recent Windows security patches have been applied.
The worm launches a command shell and uses TFTP to connect to other infected systems to download the worm's executable.
www.theregister.co.uk /2003/08/12/blaster_worm_spreading_rapidly   (581 words)

  
 Macworld: News: Windows Blaster worm spreading, experts warn of attack
A new worm that exploits a widespread vulnerability in Microsoft Corp.'s Windows operating system continued its spread on Tuesday, making Monday's outbreak the most serious since the appearance of the SQL Slammer worm in January, according to security experts.
Unlike the Code Red worm, which contained code for a similar attack against the IP (Internet protocol) address of the White House's main Web server, Blaster targets the windowsupdate.microsoft.com domain, preventing Microsoft from simply changing the address of the domain to sidestep the attack, he said.
Blaster's code is small and can be quickly removed using free tools provided by F-Secure as well as other antivirus vendors, Hyppönen said.
www.macworld.com /news/2003/08/12/blaster   (1044 words)

  
 Blaster virus infects users of Microsoft
The worm, dubbed Blaster, MBlast or LovSan by various virus trackers, infects computers connected to the Internet but does not require an action, such as clicking on an attachment, to be triggered.
Blaster is similar to the Slammer worm that struck in January and cost as much as $1 billion in lost productivity, according to published estimates.
The worm could potentially be elevated to high risk if it shows up in Asia, but Gullotto said that on a scale of 1 to 10, the potential would rank only 4.
www.sfgate.com /cgi-bin/article.cgi?file=/chronicle/archive/2003/08/12/BU299036.DTL&type=business   (859 words)

  
 Network Security, Vulnerability Assessment, Intrusion Prevention   (Site not responding. Last check: 2007-10-08)
Once the target is successfully compromised, the worm transmits the msblast.exe executable (the main body of the worm) via TFTP to infect the host.
Once the "windows auto update" registry value is in place, the Blaster worm next creates a mutex named "BILLY." The existence of the mutex allows a new instance of the Blaster worm to recognize that a target has already been infected, preventing subsequent infection attempts from interfering with an already active instance of Blaster.
After sending the payload and waiting for a short interval, the worm assumes that a command shell is listening on the remote port 4444 and attempts to connect.
www.eeye.com /html/Research/Advisories/AL20030811.html   (1185 words)

  
 Worm aims to eradicate Blaster   (Site not responding. Last check: 2007-10-08)
As if last week's Blaster worm didn't cause enough damage, there are now reports of a worm that breaks into Windows-based computers to try to delete any trace of the Blaster worm infection, and then downloads the patch Microsoft developed to fix the vulnerability that Blaster exploits.
This is the technique exploited by the Blaster worm first seen last week, which infected hundreds of thousands, if not millions, of computers worldwide.
The Nachi/Welchia/MSBlast worm does not seem to be moving fast, but security firms are keeping a close eye on evidence of its spread since it could also become a problem this week as Blaster was last week.
www.networkworld.com /news/2003/0818unblast.html   (1095 words)

  
 Blaster Worm Losing Steam - NewsFactor Network   (Site not responding. Last check: 2007-10-08)
Defects in the code of a worm that has wreaked havoc on Windows-based computers, combined with efforts by Microsoft to battle the bug, have resulted in an effective response to a global problem.
The worm directed computers to windowsupdate.com, an address that is not the correct update site, but redirects users to the proper site for obtaining a patch for the virus.
While the number of computers affected by Blaster is hard to pinpoint, with some reports indicating more than 400,000 infected machines, Hurley estimated that some 250,000 computers worldwide have been infiltrated by the worm.
www.newsfactor.com /perl/story/22107.html   (624 words)

  
 CNN.com - Good worm claims to fight Blaster - Feb. 26, 2004
A new worm is taking an unusual turn by trying to repair computers infected by the Blaster worm and patch the weakness that it utilizes.
This time the worm attempts to install Microsoft Windows updates to patch-up the security hole used by last week's deadly worm, as well as clean up if the computer is infected with Blaster.
Even though the latest worm may have good intentions, experts are questioning whether it is likely to spell more trouble for the world's computers.
edition.cnn.com /2003/TECH/internet/08/15/microsoft.blaster   (515 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.