Beware, a new worm by the name of Blaster is on the loose and has been upgraded from a category 3 to 4 in one day.
This question was answered on August 12, 2003. Much of the information contained herein may have changed since posting.
Symantec Security Response has upgraded W32.Blaster.Worm from a Category 3 to a 4 as of August 12, 2003 This worm exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135 This worm attempts to download and run a file called Msblast.exe Even if you remove the registry entries, apparently the next time you launch IE, it reinfects from the file
The systems affected: Windows 2000, XP, NT 4.0 & Windows Server 2003
The worm contains the following text, which does not get displayed:
I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!
According to Sophos anti-virus company, as of August 16, 2003, one month after the security patch was posted, the worm is programmed to launch a distributed denial-of-service attack on windowsupdate.com This may severely impact access to the website Microsoft uses to distribute security patches
This is considered to be a very wild worm, Symantec advises all possible victims to download latest virus definitions immediately and deploy as well us updating all Microsoft security patches.
Get complete instruction on protection and removal from Symantec at:
About the author
Posted by Michal of Data Doctors on August 12, 2003