Blaster/Lovsan worm spreading rapidly
Windows users have been warned of a fast spreading worm which uses a documented Remote Proceedure Call (RPC) buffer overun vulnerability to take control of PCs.
Link: Klez named most persistent virus ever
The malicious code, dubbed Worm/Lovsan.A, discovered yesterday, attempts to exploit a documented vulnerability in Microsoft’s Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface.
The worm is also known as Blaster. It is spreading quickly to thousands of machines around the globe, according to initial reports from Network Associates customers.
It takes over compromised PCs through the RPC Buffer Overrun security hole in un-patched Microsoft Windows NT, Windows 2000, Windows XP and Microsoft Windows server 2003 operating systems.
Once infected any code can be executed by a hacker on the victim machine.
The TCP ports directly affected by this exploit includes 135. Worm/Lovsan.A will download and run the file msblast.exe using the Trivial File Transfer Protocol (Tftp).
‘Unfortunately, un-patched systems are again proving to be a vector for fast spreading internet based worms,’ said Steven Sundermeier, vice president of products and services at Central Command, in a statement.
‘Updating antivirus software and patching systems against the latest exploits and vulnerabilities should become standard habit.’