Microsoft - it's a blast August
2003
New worm targets latest versions of Microsoft Windows
Yet another virus has wormed its way into the world's
most popular operating system, this one aimed at launching a denial of
service against Microsoft's own servers.
MSBlast currently only affects Windows XP and 2000, although
later versions will probably also affect earler versions of the OS. These
releases are currently vulnerable because they use the Distributed Component
Object Model (DCOM), and the worm does not spread by email but by scanning
for openings on port 135 on an unprotected machine.
The virus contains the message 'I just want to say LOVE
YOU SAN!! bill' and affects the registry with the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run "windows auto update" = msblast.exe
This means that the worm runs automatically every time Windows is started.
The denial of service was due to begin in mid-August and hit the Windows
update service, but Microsoft has since changed the domain entries for
this site.
|
The company
has also launched a patch to update the security flaw in Windows
2000 and XP, and sites such as Network Associates contain information
on the virus and how to remove it. To check whether you have been
infected, hit Ctrl-alt-del and, under Processes look for an entry
for MSBlast. |
 Previous
stories
Web virus slam
Relevant sites
Network Associates |
|
