W32/Blaster-D

Discussion in 'malware problems & news' started by FanJ, Aug 19, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    W32/Blaster-D

    Aliases :
    W32/Lovsan.worm.d, Exploit-DcomRpc trojan, WORM_MSBLAST.E

    Type :
    Win32 worm

    Description
    W32/Blaster-D spreads in the same way as W32/Blaster-A. However, the Blaster-D variant is packed differently, uses the filename (and process name) mspatch.exe instead of msblast.exe, and adds the registry entry

    HKLM\Software\Microsoft\Windows\CurrentVersion\Runon\Nonton Antivirus

    Microsoft issued a patch for the vulnerability exploited by this worm on July 16, 2003. The patch is available from
    http://www.microsoft.com/technet/security/bulletin/MS03-026.asp.

    Read more:
    http://www.sophos.com/virusinfo/analyses/w32blasterd.html


    Note by me:
    That MS-site was last revised at August 18, 2003
     
Thread Status:
Not open for further replies.