PDA

View Full Version : w*2/Blaster AKA LovSAN



mbravo
08-12-2003, 06:04 PM
I think everybody is already aware of the new worm which is propagating acroos the Internet. However, thought I'd post a useful summary.

The worm exploits a vulnerability in Windows DCOM RPC subsystem. For patches, look at this MS Security Bulletin (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS0*-026.asp)

Symantec is posting the ongoing results of their analysis of the worm here (https://tms.symantec.com/members/AnalystReports/0*08**-Alert-DCOMworm.pdf)

The ISS X-Force info on the worm is at: http://xforce.iss.net/xforce/alerts/id/*50

The ISS X-Force info on the vuln is at: http://xforce.iss.net/xforce/alerts/id/*47 (http://xforce.iss.net/xforce/alerts/id/*47)

Modified MSSecure.XML file to use with HFNetchk/MBSA to detect Windows 2000 SP2 installations without the patch: LovSAN-W2KSP2.asp (http://www.ntbugtraq.com/LovSAN-W2KSP2.asp)

Symantec Removal Tool: http://securityresponse.symantec.com/avcenter/venc/data/w*2.blaster.worm.removal.tool.html

Trend Micro Removal Tool: http://www.trendmicro.com/download/tsc.asp

F-Secure Removal Tool: http://www.f-secure.com/v-descs/msblast.shtml

Computer Associates Removal Tool: http://www*.ca.com/virusinfo/virus.aspx?ID=*6265

McAfee/NAI Removal Tool: http://vil.nai.com/vil/stinger/