W32/Blaster-D

Discussion in 'malware problems & news' started by FanJ, Aug 19, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    W32/Blaster-D

    Aliases :
    W32/Lovsan.worm.d, Exploit-DcomRpc trojan, WORM_MSBLAST.E

    Type :
    Win32 worm

    Description
    W32/Blaster-D spreads in the same way as W32/Blaster-A. However, the Blaster-D variant is packed differently, uses the filename (and process name) mspatch.exe instead of msblast.exe, and adds the registry entry

    HKLM\Software\Microsoft\Windows\CurrentVersion\Runon\Nonton Antivirus

    Microsoft issued a patch for the vulnerability exploited by this worm on July 16, 2003. The patch is available from
    http://www.microsoft.com/technet/security/bulletin/MS03-026.asp.

    Read more:
    http://www.sophos.com/virusinfo/analyses/w32blasterd.html


    Note by me:
    That MS-site was last revised at August 18, 2003
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.