New Blaster worm variants on the loose

Link: Microsoft prepares for Blaster worm attack

Blaster B and Blaster C are very simple tweaks on the original blaster code.

These include changing the name of the infection application from MCBlast.exe to Teekids.exe or penis32.exe respectively.

The code compression format has also been changed and new messages have been added taunting Microsoft and anti-virus companies.

The Blaster C worm can also include a Trojan that allows hackers to take control of infected PCs. Anti-virus vendors have already identified the Trojan, called Lithium, and a scan should remove it.

The worms are still spreading around the world but infections are down from Monday’s peak.

‘There’s still a fair few infections occurring,’ said Jack Clark, product marketing manager at Network Associates.

‘We’re seeing about seven to eight per cent of computers infected when we scan the home sector. It’s spreading slowly and the Asian sector is patching itself up fast but Blaster and its variants will be around for a while yet.’

Related reading

HMRC banknotes