| VIRUS ALERT
Virus Name:
W32/Lovsan.worm
We would like to make all our users aware of a new worn doing the rounds.
The W32/Lovsan.worm, which propagates via the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability, has recently been observed propagating at notable rate in the wild.
It is known that the W32/Lovsan.worm attempts to conduct a Denial of Service (DoS) attack against windowsupdate.com during a specific time period. The worm will start a tftp server on the attacking host; this will allow the victim host to download a copy of the worm (msblast.exe) after a successful compromise. The worm will also open a command shell on port 4444 of the compromised host.
The worm can spread via Windows 2000
and Windows XP
.
This threat exploits the MS03-026
vulnerability. The purpose of the virus is to spread to as many machines as possible. By exploiting an unplugged hole in Windows, the worm is able to execute without requiring any action on the part of the user.
Our upstream provider has blocked all traffic on ports 135 and 4444 into their network at the gateway routers for the international and local peering links.
Our email virus scanner has been updated to protect against this threat.
Stinger
is a stand alone remover. You may download your copy by going to the following URL: http://vil.nai.com/vil/stinger
Additional Removal Tools
:
DCOM ISS Scanner
Microsoft Patches
DCOM Cleaner for Infected Boxen
Reference:
http://vil.nai.com/vil/content/v_100547.htm
| 