Ubizen’s Security Intelligence Lab Reports Worm Exploiting Microsoft’s DCOM RPC Vulnerability

— W32/Lovsan.worm hits the Internet —

Ubizen, the principal provider of Managed Security Solutions (MSS) for global businesses, warns against a newly discovered W32/Lovsan.worm, exploiting the RPC vulnerability (reported by Microsoft on July 16) in virtually all versions of Windows.

The worm, dubbed “Blaster” and “LovSan” by some, was first spotted on the Internet yesterday evening. It exploits a dangerous flaw in Microsoft Windows software, scanning for vulnerable systems. Upon success, the worm’s code is downloaded and installed. Infected computers are programmed to automatically launch a denial-of-service attack on the website “windowsupdate.com”, from Saturday, August 16 onwards. Ironically, this website, operated by Microsoft, is used to deliver software patches to Microsoft customers.

Ubizen’s Security Intelligence Lab (SIL) urges companies to immediately update all Windows machines with the latest Service Pack, patch or hotfix available (cfr. Microsoft Security Bulletin: MS03-026: Buffer overrun in RPC). It further advises to block access to TCP ports 135 and 4444 and UDP port 69 at the corporate firewall level. Businesses should also install the latest anti-virus signatures to scan their systems for potential impact.

Ubizen’s Security Intelligence Lab gathers the latest information about threats, system vulnerabilities and possible attacks, through a variety of sources, including the Web, vendor channels and underground resources. Ubizen engineers also conduct ethical hacking, probe for vulnerabilities and evaluate weaknesses in security devices. All this information is centrally stored in a knowledge base and used by the security analysts in Ubizen’s Security Operations Centers (SOC). From these SOCs, Ubizen provides managed security services to its global customer base. Ubizen OnlineGuardian(r) services monitor and manage security devices on a 24x7x365 basis.

About Ubizen
Ubizen(r) is the principal provider of Managed Security Solutions for global businesses. Companies rely on Ubizen OnlineGuardian(r) services to manage, monitor and support security devices 24x7x365. Ubizen’s Professional Services complement Ubizen OnlineGuardian managed services, by helping enterprises plan and implement security policies and infrastructures. Ubizen is also pioneering solutions for Application Security. For more information visit www.ubizen.com.