The McAfee site says:
"Method of Infection Back to Top
This worm spreads by exploiting a recent vulnerability in Microsoft
Windows. The worm scans random ranges of IP addresses on port 135.
Discovered systems are targeted. Exploit code is sent to those systems,
instructing them to download and execute the file MSBLAST.EXE from a
remote system via TFTP.
The worm contains a payload to initiate a Denial of Service attack
against windowsupdate.com.
Computers that have up-to-date antivirus software will detect the worm
executable upon download. However, unless the system has been (MS03-026)
patched, it is susceptible to the buffer overflow attack. This means
that the remote shell will still get created on TCP port 4444, and the
system may unexpectedly crash due upon receiving malformed exploit code."
Hasn't shown up on my machine. Being on the other side of a router,
running the ZoneAlarm firewall and running Norton Antivirus probably has
something to do with that.
Moose
Brian Swale wrote:
Hi Mike et al
I believe it only affects NT based systems, i.e. NT, 2000, XT. So
legacy windows and mac are not affected. Or so I have been told by
reliable sources. Doesn't hurt to check my info and take the usual
precautions though.
Mike
This is what is also on the Symantec website, and they also have explicit
methods for getting rid of it.
Since I'm still running W'95 I'm not too worried, but I'd very much like to hear
how those of us whose computers got infected actually got the worm.
|