Panda Software Alerts on New Worm W32/Blaster
– It has been created to exploit the new vulnerability discovered in several versions of Microsoft Windows
– Panda Software has started receiving incidents caused by this malicious code
Panda Software’s Virus Laboratory has reported the appearance of a new worm called W32/Blaster, which exploits a vulnerability recently discovered in Windows.
Blaster does not spread through the usual means, it scans the internet for computers that are vulnerable to its attack. Once found, it tries to enter the system through the port 135 to create a buffer overflow. One indication of infection is unusual activity on this port. This will show up in reports from your Firewall if you have one running.
Once installed in a machine, Blaster scans random IP ranges, with the aim of finding more PCs to infect. In addition, it creates a file in the system called msblast.exe, which contains the code of the worm. It creates a registry key to ensure it is started when the operating system is restarted.
However, the purpose of this malicious code, is to infect as many computers as possible to carry out a Denial of Service Attack against the web site www.windowsupdate.com which has been coded in this worm to take place on August 15th.
This Windows vulnerability, which Microsoft has classified “critical”, affects systems with Windows NT, 2000, XP, and Server 2003. This security hole could allow hackers to gain remote control of affected computers. For this reason and in order to avoid falling victim to an attack, Panda Software advises network administrators, IT managers and home users to immediately install the patches released by Microsoft to fix this vulnerability. These are available at http://www.microsoft.com where you can also find detailed information about this flaw.