The New Blaster is Spreading Rapidly, Infecting Computers Around the Globe

– In just a few hours, this worm has topped the ranking of the viruses most frequently detected by the online antivirus, Panda ActiveScan
– Panda Software offers all users its free PQREMOVE utility, which is especially designed to detect and eliminate Blaster from affected computers

MADRID, August 12, 2003

In just a few hours the new Blaster worm has spread rapidly and already infected thousands of computers around the globe. According to Luis Corrons, head of Panda Software’s Virus Laboratory: “This is a critical moment, as all computers that do not have the security patches installed are vulnerable to this worm. Its proliferation rate is even higher than that of Bugbear.B.”

Blaster has already topped the ranking of the viruses most frequently detected by the free, online antivirus, Panda ActiveScan. For this reason, Panda Software offers all users its PQREMOVE application, which is especially designed to detect and eliminate the Blaster worm and repair the damage that it may have caused in affected computers. This utility is available for download at .

Blaster exploits the RPC DCOM vulnerability, recently discovered in several versions of Windows operating systems, in order to get into computers directly via the Internet through port 135. Once it has done this, it causes a buffer overflow in the affected computer.

However, the main aim of Blaster is to infect as many computers as possible in order to launch a denial of service attack against the website windowsupdate.com whenever the system date is between August 16 and December 31, 2003. When this condition is met, the worm creates a new run thread, which sends a 40-byte packet to windowsupdate.com every 20 milliseconds through the TCP port 80.

This Windows vulnerability, classified as “critical” by Microsoft, consists of a buffer overflow in the RPC interface and affects Windows NT 4.0, 2000, XP and Windows Server 2003. This security hole could allow hackers to gain remote control of affected computers. For this reason and in order to avoid falling victim to attack, Panda Software advises network administrators, IT managers and home users to immediately install the patches released by Microsoft to fix this vulnerability. These are available at http://www.microsoft.com/security/security_bulletins/ms03-026.asp where you can also find detailed information about this flaw.

Panda Software advises users to update their antivirus solutions, if they have not already done so. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate Blaster. Those whose software is not configured to update automatically, should update their solutions from From this address users can also detect and disinfect Blaster using the free, online antivirus, Panda ActiveScan

Detailed information about Blaster
is available from Panda Software’s Virus Encyclopedia.

About Panda Software’s virus laboratory
On receiving a possibly infected file, Panda Software’s technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.