14 Aug 2003
Blaster worm variants discovered, Sophos Anti-Virus provides protection
Sophos has issued an advisory about two new variants of the W32/Blaster-A worm (also known as Lovsan, MSBlaster or Poza).
The first new variant, W32/Blaster-B, is functionally equivalent to its predecessor but creates a file called teekids.exe rather than msblast.exe in the Windows system folder. It also creates a different registry entry and includes some offensive text (which does not get displayed) directed towards Microsoft, Bill Gates, and the anti-virus industry.
Another variant, W32/Blaster-C, uses the filename penis32.exe. Sophos Anti-Virus is capable of detecting W32/Blaster-C without further updating because it is detected by Sophos's earlier protection against W32/Blaster-A.
"Updating your anti-virus is one thing, but you also need to close the window of opportunity for these worms to sneak into your computer," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "It is essential that users and system administrators ensure their computers are protected against the vulnerability in many versions of Windows with the patch supplied by Microsoft."
Microsoft issued a patch for the vulnerability exploited by these worms on July 16, 2003. The patch is available from www.microsoft.com/technet/security/bulletin/MS03-026.asp.
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.